

Multiple Mozilla Firefox Products Vulnerabilities
July 16, 2024
Multiple IBM Products Vulnerabilities
July 16, 2024
Multiple Mozilla Firefox Products Vulnerabilities
July 16, 2024
Multiple IBM Products Vulnerabilities
July 16, 2024Severity
Medium
Analysis Summary
CVE-2024-34140 CVSS:5.5
Adobe Bridge could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-34142 CVSS:5.4
Adobe Experience Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Information Disclosure
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-34140
- CVE-2024-34142
Affected Vendors
Affected Products
- Adobe Experience Manager 6.5.20
- Adobe Bridge 13.0.7
- Adobe Bridge 14.1
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.