Rewterz Threat Advisory – Multiple Microsoft SharePoint Vulnerabilities
June 9, 2021Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 9, 2021Rewterz Threat Advisory – Multiple Microsoft SharePoint Vulnerabilities
June 9, 2021Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 9, 2021Severity
Medium
Analysis Summary
CVE-2021-28579
Adobe Connect could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2021-28582
Adobe Photoshop is vulnerable to a buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-28624
Adobe Photoshop is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-28628
Adobe Experience Manager (AEM) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-28627
Adobe Experience Manager (AEM) is vulnerable to a server-side request forgery. A remote authenticated attacker could exploit this vulnerability to bypass the security feature.
CVE-2021-28626
Adobe Experience Manager (AEM) is vulnerable to a denial of service, caused by improper authorization. A remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-28625
Adobe Experience Manager (AEM) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-28594
Adobe Creative Cloud Desktop Application could allow a remote attacker to execute arbitrary code on the system, caused by an uncontrolled search path element flaw. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.\
CVE-2021-28594
Adobe Creative Cloud Desktop Application could allow a remote attacker to execute arbitrary code on the system, caused by an uncontrolled search path element flaw. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
CVE-2021-28633
Adobe Creative Cloud Desktop Application could allow a local authenticated attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to create temporary files in directory with incorrect permissions.
Impact
- Gain Privileges
- Gain Access
- Cross-Site Scripting
Affected Vendors
- Adobe Connect
- Adobe Photoshop
- Abode Experience Manager
- Adobe Creative Cloud
Affected Products
- Adobe Connect 11.2.1
- Adobe Photoshop 2021 22.4.1
- Adobe Photoshop 2020 21.2.8
- Adobe Experience Manager Cloud Service (CS)
- Adobe Experience Manager 6.5.8.0
- Adobe Creative Cloud Desktop Application 2.4
Remediation
Refer to Adobe for patch, upgrade, or suggested workaround information.