Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2023-48796 – Apache DolphinScheduler Vulnerability
November 27, 2023
Rewterz
Rewterz Threat Advisory – Multiple Adobe Acrobat and Adobe Reader Vulnerabilities
November 27, 2023

Rewterz Threat Advisory – Multiple Adobe Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-47060 CVSS:5.5

Adobe Premiere Pro could allow a remote attacker to obtain sensitive information, caused by an access of uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-44328 CVSS:3.3

Adobe Bridge could allow a remote attacker to obtain sensitive information, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-47072 CVSS:3.3

Adobe After Effects could allow a remote attacker to obtain sensitive information, caused by an access of an uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-47071 CVSS:3.3

Adobe After Effects could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-44327 CVSS:3.3

Adobe Bridge could allow a remote attacker to obtain sensitive information, caused by an access to an uninitialized pointer vulnerability. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-47053 CVSS:5.5

Adobe Audition could allow a remote attacker to obtain sensitive information, caused by an access of an uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-47044 CVSS:3.3

Adobe Media Encoder could allow a remote attacker to obtain sensitive information, caused by an access of an uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-22268 CVSS:6.5

Adobe RoboHelp is vulnerable to SQL injection, caused by improper validation. A remote authenticated attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Impact

  • Information Disclosure
  • Information Theft

Indicators Of Compromise

CVE

  • CVE-2023-47060
  • CVE-2023-44328
  • CVE-2023-47072
  • CVE-2023-47071
  • CVE-2023-44327
  • CVE-2023-47053
  • CVE-2023-47044
  • CVE-2023-22268

Affected Vendors

Adobe

Affected Products

  • Adobe Audition 24.0
  • Adobe Audition 23.6.1
  • Adobe RoboHelp Server RHS 11.4
  • Adobe After Effects 24.0.2
  • Adobe After Effects 23.6
  • Adobe Premiere Pro 24.0
  • Adobe Premiere Pro 23.6
  • Adobe Media Encoder 24.0.2
  • Adobe Media Encoder 23.6
  • Adobe Bridge 13.0.4
  • Adobe Bridge 14.0.0

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-47060

CVE-2023-44328

CVE-2023-47072

CVE-2023-47071

CVE-2023-44327

CVE-2023-47053

CVE-2023-47044

CVE-2023-22268