Coming Soon...

Q-CERT website is currently under maintenance. We should be back shortly. Thank you for yor patience.

Multiple Vulnerabilities in Adobe

Issued: 
Thursday, 13 October, 2022
Last Revision: 
Thursday, 13 October, 2022
Vendor: 
Adobe
Product: 
Multiple products
Severity Level: 
High
Summary: 

Adobe has rolled out numerous security fixes addressing around seven adobe products. The roll out has targeted products which are Experience Manager, Adobe Bridge, Adobe InDesign, Adobe Photoshop, Adobe InCopy, Adobe Animate, Adobe Illustrator. 

 

These updates address critical and important vulnerabilities that could lead to arbitrary code execution and memory leak. 

 

  

CVE/Vulnerability

Description 

Severity

Exploitable

 

CVE-2022-30682

Arbitrary code execution

6.4

No

 

 CVE-2022-35699

CVE-2022-35700

CVE-2022-35701

CVE-2022-35702

CVE-2022-35703

CVE-2022-35704

CVE-2022-35705

CVE-2022-35706

CVE-2022-35707

CVE-2022-35708

Arbitrary code execution

7.8

No

 

CVE-2022-28851

Arbitrary file system read

7.5

No

 

CVE-2022-28852

CVE-2022-28853

Arbitrary code execution

7.8

No

 

CVE-2022-38413

CVE-2022-38414

CVE-2022-38415

CVE-2022-38416

CVE-2022-38417

Arbitrary code execution

7.8

No

 

CVE-2022-35713

Arbitrary code execution

7.8

No

 

CVE-2022-38401-5 

Arbitrary code execution

7.8

No

 

CVE-2022-38411-12 

Arbitrary code execution

7.8

No

 

CVE-2022-38408

Arbitrary code execution

7.8

No

 

      

 Table 1: Vulnerability details

 

 

CVE/Vulnerability

Affected Product(s)

Affected Version

 

 

CVE-2022-30677-8

CVE-2022-30680-6

CVE-2022-35664

CVE-2022-34218

CVE-2022-38438-9

Adobe Experience Manager (AEM)

AEM Cloud Service (CS) 6.5.13.0 and earlier versions

 

 

CVE-2022-35699

CVE-2022-35700

CVE-2022-35701-9

CVE-2022-38425

Adobe Bridge 

12.0.2 and earlier versions 

11.1.3 and earlier versions 

 

 

CVE-2022-28852-7

CVE-2022-30671-6 

CVE-2022-38413-17 

Adobe InDesign

17.3 and earlier versions

      16.4.2 and earlier versions

 

 

 

CVE-2022-35713

Photoshop 2021

Photoshop 2022

    22.5.8 and earlier versions     

23.4.1 and earlier versions

 

 

CVE-2022-38401-7 

Adobe InCopy  

17.3 and earlier version

16.4.2 and earlier version

 

 

 

CVE-2022-38411-12

Adobe Animate 2021

Adobe Animate 2022

21.0.11 and earlier versions

22.0.7 and earlier versions

 

 

CVE-2022-38408-10 

Illustrator 2022

Illustrator 2021

26.4 and earlier versions 

25.4.7 and earlier versions 

 

      

                                                                                 Table 2: Vulnerable versions

 

Recommendation: 

We recommend all entitiesto follow the “Adobe recommendation, to update the latest version. 

References: 
Security Updates Available for Adobe Illustrator | APSB22-55
Security updates available for Adobe Animate | APSB22-54
Security Update Available for Adobe InCopy | APSB22-53
Security update available for Adobe Photoshop | APSB22-52
Security Update Available for Adobe InDesign | APSB22-50
Security Updates Available for Adobe Bridge | APSB22-49
Security updates available for Adobe Experience Manager | APSB22-40