Description
Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. It is recommended that you take the necessary precautions by ensuring your products are always up to date.
Adobe has released security updates for ColdFusion versions 2018, 2016 and 11. These updates resolve three (3) critical vulnerabilities that could lead to arbitrary code execution.
Affected Versions
| Product | Affected Versions | Platform |
|---|---|---|
| ColdFusion 2018 | Update 3 and earlier versions | All |
| ColdFusion 2016 | Update 10 and earlier versions | All |
| ColdFusion 11 | Update 18 and earlier versions | All |
Solution
| Product | Updated Version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| ColdFusion 2018 | Update 4 | All | 2 | |
| ColdFusion 2016 | Update 11 | All | 2 | |
| ColdFusion 11 | Update 19 | All | 2 | |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| File extension blacklist bypass | Arbitrary code execution | Critical (see note below) | CVE-2019-7838 |
| Command Injection | Arbitrary code execution | Critical (see note below) | CVE-2019-7839 |
| Deserialization of untrusted data | Arbitrary code execution | Critical (see note below) | CVE-2019-7840 |
For more information on ColdFusion, see the following URL:
https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html
Adobe has released a security update for Adobe Campaign Classic. This update addresses a critical vulnerability that could result in arbitrary code execution.
Affected versions
| Product | Affected version | Platform |
|---|---|---|
| Adobe Campaign Classic | 18.10.5-8984 (and earlier versions) | Windows and Linux |
Solution
| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe Campaign | 19.1.1-9026 | Windows and Linux | 3 | |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Insufficient input validation | Information Disclosure | Important | CVE-2019-7843 |
| Information Exposure Through an Error Message | Information Disclosure | Moderate | CVE-2019-7941 |
| Improper error handling | Information Disclosure | Moderate | CVE-2019-7846 |
| Improper Restriction of XML External Entity Reference (“XXE”) | Arbitrary read access to the file system | Important | CVE-2019-7847 |
| Inadequate access control | Information Disclosure | Moderate | CVE-2019-7848 |
| Sensitive data in source code | Information Disclosure | Important | CVE-2019-7849 |
| Command injection | Arbitrary Code Execution | Critical | CVE-2019-7850 |
For more information on Adobe Campaign Classic, see the following URL:
https://helpx.adobe.com/security/products/campaign/apsb19-28.html
Summary
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Product Versions
| Product | Version | Platform |
|---|---|---|
| Adobe Flash Player Desktop Runtime | 32.0.0.192 and earlier | Windows, macOS and Linux |
| Adobe Flash Player for Google Chrome | 32.0.0.192 and earlier | Windows, macOS, Linux and Chrome OS |
| Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 32.0.0.192 and earlier | Windows 10 and 8.1 |
Solution
| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Flash Player Desktop Runtime | 32.0.0.207 | Windows, macOS | 2 | |
| Adobe Flash Player for Google Chrome | 32.0.0.207 | Windows, macOS, Linux, and Chrome OS | 2 | |
| Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 32.0.0.207 | Windows 10 and 8.1 | 2 | |
| Adobe Flash Player Desktop Runtime | 32.0.0.207 | Linux | 3 | |
Vulnerability details
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Use After Free | Arbitrary Code Execution | Critical | CVE-2019-7845 |
For more information on Adobe Flash Player, see the following URLs:
https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
https://www.us-cert.gov/ncas/current-activity/2019/06/11/Adobe-Releases-Security-Updates