March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2023-48796 – Apache DolphinScheduler Vulnerability
November 27, 2023Rewterz Threat Advisory – Multiple Adobe Acrobat and Adobe Reader Vulnerabilities
November 27, 2023Rewterz Threat Advisory – CVE-2023-48796 – Apache DolphinScheduler Vulnerability
November 27, 2023Rewterz Threat Advisory – Multiple Adobe Acrobat and Adobe Reader Vulnerabilities
November 27, 2023
Severity
Medium
Analysis Summary
CVE-2023-47060 CVSS:5.5
Adobe Premiere Pro could allow a remote attacker to obtain sensitive information, caused by an access of uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-44328 CVSS:3.3
Adobe Bridge could allow a remote attacker to obtain sensitive information, caused by a use-after-free error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-47072 CVSS:3.3
Adobe After Effects could allow a remote attacker to obtain sensitive information, caused by an access of an uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-47071 CVSS:3.3
Adobe After Effects could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-44327 CVSS:3.3
Adobe Bridge could allow a remote attacker to obtain sensitive information, caused by an access to an uninitialized pointer vulnerability. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-47053 CVSS:5.5
Adobe Audition could allow a remote attacker to obtain sensitive information, caused by an access of an uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-47044 CVSS:3.3
Adobe Media Encoder could allow a remote attacker to obtain sensitive information, caused by an access of an uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-22268 CVSS:6.5
Adobe RoboHelp is vulnerable to SQL injection, caused by improper validation. A remote authenticated attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
Impact
- Information Disclosure
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-47060
- CVE-2023-44328
- CVE-2023-47072
- CVE-2023-47071
- CVE-2023-44327
- CVE-2023-47053
- CVE-2023-47044
- CVE-2023-22268
Affected Vendors
Adobe
Affected Products
- Adobe Audition 24.0
- Adobe Audition 23.6.1
- Adobe RoboHelp Server RHS 11.4
- Adobe After Effects 24.0.2
- Adobe After Effects 23.6
- Adobe Premiere Pro 24.0
- Adobe Premiere Pro 23.6
- Adobe Media Encoder 24.0.2
- Adobe Media Encoder 23.6
- Adobe Bridge 13.0.4
- Adobe Bridge 14.0.0
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.