Center for Internet Security

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat Reader is a free software for viewing, printing, and annotating PDF files.Adobe After Effects is a digital software program used to create and composite visual effects, motion graphics, and animations for film, television, web video, and social media.Adobe Premiere Pro is a professional video editing software that allows users to create and edit a wide range of video content, from social media clips to feature films.Adobe Commerce is an enterprise-grade eCommerce platform that provides tools for creating and managing online stores for both B2B and B2C businesses.Adobe Substance 3D Viewer is a free, standalone desktop application (currently in beta) designed to help designers and artists visualize and work with 3D models, textures, and materials.Adobe Experience Manager (AEM) is a comprehensive content management and digital asset management system.Adobe Dreamweaver is a powerful, all-in-one web design and development software that combines a visual design surface with a code editor, allowing users to create, code, and manage websites.Adobe 3D Substance Modeler is a sculpting and 3D modeling application within Adobe’s Substance 3D suite that combines virtual reality (VR) and desktop experiences for natural, gestural creation of 3D models.Adobe ColdFusion is a commercial rapid web-application development platform that includes a server-side scripting language (CFML) and an application server designed for fast development of dynamic web pages and robust business applications.Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management softwareIvanti Connect Secure is an SSL VPN solution for remote and mobile users.Ivanti Policy Secure (IPS) is a network access control (NAC) solution which provides network access only to authorized and secured users and devices.Ivanti Neurons for Zero Trust Access (ZTA) Gateways securely connects devices to web applications, whether on-premises or in the cloud, using Zero Trust principles.Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. 

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights. 

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.