Refine your search
20 vulnerabilities found for Commerce by Adobe
CERTFR-2025-AVI-0876
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Magento | Adobe Commerce versions 2.4.9-x antérieures à 2.4.9-alpha3 | ||
| Adobe | Magento | Magento Open Source versions 2.4.8-x antérieures à 2.4.8-p3 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p13 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.7-x antérieures à 2.4.7-p8 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.5-x antérieures à 2.4.5-p15 | ||
| Adobe | Commerce | Adobe Commerce B2B versions 1.5.2-x antérieures à 1.5.2-p3 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.6-x antérieures à 2.4.6-p13 | ||
| Adobe | Commerce | Adobe Commerce B2B versions 1.5.3-x antérieures à 1.5.3-alpha3 | ||
| Adobe | Commerce | Adobe Commerce B2B versions 1.3.3-x antérieures à 1.3.3-p16 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.9-x antérieures à 2.4.9-alpha3 | ||
| Adobe | Commerce | Adobe Commerce versions antérieures à 2.4.4-p16 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.8-x antérieures à 2.4.8-p3 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7-x antérieures à 2.4.7-p8 | ||
| Adobe | Commerce | Adobe Commerce B2B versions 1.4.2-x antérieures à 1.4.2-p8 | ||
| Adobe | Commerce | Adobe Commerce B2B versions 1.3.4-x antérieures à 1.3.4-p13 | ||
| Adobe | Magento | Adobe Commerce versions antérieures à 2.4.5-p15 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Commerce versions 2.4.9-x ant\u00e9rieures \u00e0 2.4.9-alpha3",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.8-x ant\u00e9rieures \u00e0 2.4.8-p3",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p13",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7-p8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p15",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions 1.5.2-x ant\u00e9rieures \u00e0 1.5.2-p3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p13",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions 1.5.3-x ant\u00e9rieures \u00e0 1.5.3-alpha3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions 1.3.3-x ant\u00e9rieures \u00e0 1.3.3-p16",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.9-x ant\u00e9rieures \u00e0 2.4.9-alpha3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions ant\u00e9rieures \u00e0 2.4.4-p16",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.8-x ant\u00e9rieures \u00e0 2.4.8-p3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7-p8",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions 1.4.2-x ant\u00e9rieures \u00e0 1.4.2-p8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions 1.3.4-x ant\u00e9rieures \u00e0 1.3.4-p13",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions ant\u00e9rieures \u00e0 2.4.5-p15",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54267"
},
{
"name": "CVE-2025-54266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54266"
},
{
"name": "CVE-2025-54265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54265"
},
{
"name": "CVE-2025-54263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54263"
},
{
"name": "CVE-2025-54264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54264"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0876",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-94",
"url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html"
}
]
}
CERTFR-2025-AVI-0767
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Adobe. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Commerce | Commerce B2B versions 1.3.x à 1.5.x sans le correctif de sécurité VULN-32437-2-4-X-patch | ||
| Adobe | Commerce | Commerce versions 2.4.x sans le correctif de sécurité VULN-32437-2-4-X-patch | ||
| Adobe | Magento | Magento Open Source versions 2.4.5.x à 2.4.9.x sans le correctif de sécurité VULN-32437-2-4-X-patch |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Commerce B2B versions 1.3.x \u00e0 1.5.x sans le correctif de s\u00e9curit\u00e9 VULN-32437-2-4-X-patch",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.x sans le correctif de s\u00e9curit\u00e9 VULN-32437-2-4-X-patch",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5.x \u00e0 2.4.9.x sans le correctif de s\u00e9curit\u00e9 VULN-32437-2-4-X-patch",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54236"
}
],
"initial_release_date": "2025-09-09T00:00:00",
"last_revision_date": "2025-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0767",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Adobe. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-88",
"url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html"
}
]
}
CERTFR-2025-AVI-0678
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Magento | Magento Open Source versions antérieures à 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12 et 2.4.5-p14 | ||
| Adobe | Commerce | Adobe Commerce B2B versions antérieures à 1.5.3-alpha2, 1.5.2-p2, 1.4.2-p7, 1.3.4-p14 et 1.3.3-p15 | ||
| Adobe | Commerce | Adobe Commerce versions antérieures à 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 et 2.4.4-p15 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12 et 2.4.5-p14",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions ant\u00e9rieures \u00e0 1.5.3-alpha2, 1.5.2-p2, 1.4.2-p7, 1.3.4-p14 et 1.3.3-p15",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions ant\u00e9rieures \u00e0 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 et 2.4.4-p15",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-49554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49554"
},
{
"name": "CVE-2025-49555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49555"
},
{
"name": "CVE-2025-49557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49557"
},
{
"name": "CVE-2025-49556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49556"
},
{
"name": "CVE-2025-49559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49559"
},
{
"name": "CVE-2025-49558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49558"
}
],
"initial_release_date": "2025-08-13T00:00:00",
"last_revision_date": "2025-08-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0678",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-71",
"url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html"
}
]
}
CERTFR-2025-AVI-0495
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30254 pour Windows et macOS | ||
| Adobe | Magento | Magento Open Source sans le dernier correctif de sécurité pour la vulnérabilité CVE-2025-47110 | ||
| Adobe | Magento | Magento Open Source versions antérieures à 2.4.9-alpha1 | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 25.001.20531 pour Windows | ||
| Adobe | Commerce | Commerce versions 2.4.5-x antérieures à 2.4.5-p13 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5-x antérieures à 2.4.5-p13 | ||
| Adobe | Commerce | Commerce B2B versions 1.4.2-x antérieures à 1.4.2-p6 | ||
| Adobe | Commerce | Commerce B2B versions 1.5.2-x antérieures à 1.5.2-p1 | ||
| Adobe | Commerce | Commerce versions 2.4.8-x antérieures à 2.4.8-p1 | ||
| Adobe | Commerce | Commerce B2B versions antérieures à 1.5.3-alpha1 | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 25.001.20531 pour Windows | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p11 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.4-x antérieures à 1.3.4-p13 | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 25.001.20529 macOS | ||
| Adobe | Commerce | Commerce versions antérieures à 2.4.9-alpha1 | ||
| Adobe | Commerce | Commerce versions 2.4.7-x antérieures à 2.4.7-p6 | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30774 pour Windows et macOS | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 25.001.20529 macOS | ||
| Adobe | Magento | Magento Open Source versions 2.4.8-x antérieures à 2.4.8-p1 | ||
| Adobe | Commerce | Commerce sans le dernier correctif de sécurité pour la vulnérabilité CVE-2025-47110 | ||
| Adobe | Commerce | Commerce versions 2.4.6-x antérieures à 2.4.6-p11 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30774 pour Windows et macOS | ||
| Adobe | Commerce | Commerce B2B versions 1.3.3-x antérieures à 1.3.3-p14 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7-x antérieures à 2.4.7-p6 | ||
| Adobe | Commerce | Commerce versions 2.4.4-x antérieures à 2.4.4-p14 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30254 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source sans le dernier correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-47110",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.4.9-alpha1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.20531 pour Windows",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p13",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p13",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.4.2-x ant\u00e9rieures \u00e0 1.4.2-p6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.5.2-x ant\u00e9rieures \u00e0 1.5.2-p1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.8-x ant\u00e9rieures \u00e0 2.4.8-p1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions ant\u00e9rieures \u00e0 1.5.3-alpha1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.20531 pour Windows",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p11",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.4-x ant\u00e9rieures \u00e0 1.3.4-p13",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.20529 macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions ant\u00e9rieures \u00e0 2.4.9-alpha1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7-p6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30774 pour Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.20529 macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.8-x ant\u00e9rieures \u00e0 2.4.8-p1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce sans le dernier correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-47110",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p11",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30774 pour Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.3-x ant\u00e9rieures \u00e0 1.3.3-p14",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7-p6",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p14",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43577"
},
{
"name": "CVE-2025-43573",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43573"
},
{
"name": "CVE-2025-43585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43585"
},
{
"name": "CVE-2025-43578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43578"
},
{
"name": "CVE-2025-43586",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43586"
},
{
"name": "CVE-2025-27206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27206"
},
{
"name": "CVE-2025-43550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43550"
},
{
"name": "CVE-2025-27207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27207"
},
{
"name": "CVE-2025-43574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43574"
},
{
"name": "CVE-2025-43575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43575"
},
{
"name": "CVE-2025-47111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47111"
},
{
"name": "CVE-2025-43576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43576"
},
{
"name": "CVE-2025-43579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43579"
},
{
"name": "CVE-2025-47110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47110"
},
{
"name": "CVE-2025-47112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47112"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0495",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-50",
"url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-57",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
]
}
CERTFR-2025-AVI-0292
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Commerce | Commerce B2B versions 1.5.x antérieures à 1.5.2 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7.x antérieures à 2.4.7-p5 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6.x antérieures à 2.4.6-p10 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.5.x antérieures à 1.3.5-p10 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5.x antérieures à 2.4.5-p12 | ||
| Adobe | Commerce | Commerce versions 2.4.7.x antérieures à 2.4.7-p5 | ||
| Adobe | ColdFusion | ColdFusion 2021 versions antérieures à Update 19 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.4.x antérieures à 1.3.4-p12 | ||
| Adobe | Magento | Magento Open Source versions 2.4.4.x antérieures à 2.4.4-p13 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.3.x antérieures à 1.3.3-p13 | ||
| Adobe | ColdFusion | ColdFusion 2023 versions antérieures à Update 13 | ||
| Adobe | Magento | Magento Open Source versions 2.4.8.x antérieures à 2.4.8 | ||
| Adobe | Commerce | Commerce versions 2.4.5.x antérieures à 2.4.5-p12 | ||
| Adobe | Commerce | Commerce versions 2.4.8.x antérieures à 2.4.8 | ||
| Adobe | Commerce | Commerce B2B versions 1.4.x antérieures à 1.4.2-p5 | ||
| Adobe | Commerce | Commerce versions 2.4.6.x antérieures à 2.4.6-p10 | ||
| Adobe | Commerce | Commerce versions 2.4.4.x antérieures à 2.4.4-p13 | ||
| Adobe | ColdFusion | ColdFusion 2025 versions antérieures à Update 1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Commerce B2B versions 1.5.x ant\u00e9rieures \u00e0 1.5.2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7.x ant\u00e9rieures \u00e0 2.4.7-p5",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6.x ant\u00e9rieures \u00e0 2.4.6-p10",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.5.x ant\u00e9rieures \u00e0 1.3.5-p10",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5.x ant\u00e9rieures \u00e0 2.4.5-p12",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.7.x ant\u00e9rieures \u00e0 2.4.7-p5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2021 versions ant\u00e9rieures \u00e0 Update 19",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.4.x ant\u00e9rieures \u00e0 1.3.4-p12",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.4.x ant\u00e9rieures \u00e0 2.4.4-p13",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.3.x ant\u00e9rieures \u00e0 1.3.3-p13",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2023 versions ant\u00e9rieures \u00e0 Update 13",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.8.x ant\u00e9rieures \u00e0 2.4.8",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.5.x ant\u00e9rieures \u00e0 2.4.5-p12",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.8.x ant\u00e9rieures \u00e0 2.4.8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.4.x ant\u00e9rieures \u00e0 1.4.2-p5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.6.x ant\u00e9rieures \u00e0 2.4.6-p10",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.4.x ant\u00e9rieures \u00e0 2.4.4-p13",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2025 versions ant\u00e9rieures \u00e0 Update 1",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30285"
},
{
"name": "CVE-2025-30292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30292"
},
{
"name": "CVE-2025-24446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24446"
},
{
"name": "CVE-2025-30289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30289"
},
{
"name": "CVE-2025-30282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30282"
},
{
"name": "CVE-2025-24447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24447"
},
{
"name": "CVE-2025-30284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30284"
},
{
"name": "CVE-2025-30288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30288"
},
{
"name": "CVE-2025-30287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30287"
},
{
"name": "CVE-2025-27192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27192"
},
{
"name": "CVE-2025-30294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30294"
},
{
"name": "CVE-2025-30290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30290"
},
{
"name": "CVE-2025-30293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30293"
},
{
"name": "CVE-2025-27190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27190"
},
{
"name": "CVE-2025-27189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27189"
},
{
"name": "CVE-2025-30286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30286"
},
{
"name": "CVE-2025-30291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30291"
},
{
"name": "CVE-2025-27188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27188"
},
{
"name": "CVE-2025-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27191"
},
{
"name": "CVE-2025-30281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30281"
}
],
"initial_release_date": "2025-04-09T00:00:00",
"last_revision_date": "2025-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0292",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-26",
"url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB25-15",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html"
}
]
}
CERTFR-2025-AVI-0122
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que la vulnérabilité CVE-2025-24434 fait l'objet d'un correctif spécifique pour Commerce et Magento.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Commerce | Commerce B2B versions 1.5.x antérieures à 1.5.1 | ||
| Adobe | Magento | Magento versions 2.4.6-px antérieures à 2.4.6-p9 | ||
| Adobe | Commerce | Commerce versions 2.4.5-px antérieures à 2.4.5-p11 | ||
| Adobe | Commerce | Commerce B2B versions 1.4.2-px antérieures à 1.4.2-p4 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.5-px antérieures à 1.3.5-p9 | ||
| Adobe | Magento | Magento versions 2.4.5-px antérieures à 2.4.5-p11 | ||
| Adobe | Magento | Magento versions 2.4.4-px antérieures à 2.4.4-p12 | ||
| Adobe | Commerce | Commerce versions 2.4.4-px antérieures à 2.4.7-p4 | ||
| Adobe | Commerce | Commerce versions 2.4.8-x antérieures à 2.4.8-beta2 | ||
| Adobe | Commerce | Commerce versions 2.4.4-px antérieures à 2.4.4-p12 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.3-px antérieures à 1.3.3-p12 | ||
| Adobe | Magento | Magento versions 2.4.8-x antérieures à 2.4.8-beta2 | ||
| Adobe | Magento | Magento versions 2.4.4-px antérieures à 2.4.7-p4 | ||
| Adobe | Commerce | Commerce B2B versions 1.3.4-px antérieures à 1.3.4-p11 | ||
| Adobe | Commerce | Commerce versions 2.4.6-px antérieures à 2.4.6-p9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Commerce B2B versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento versions 2.4.6-px ant\u00e9rieures \u00e0 2.4.6-p9",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.5-px ant\u00e9rieures \u00e0 2.4.5-p11",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.4.2-px ant\u00e9rieures \u00e0 1.4.2-p4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.5-px ant\u00e9rieures \u00e0 1.3.5-p9",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento versions 2.4.5-px ant\u00e9rieures \u00e0 2.4.5-p11",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento versions 2.4.4-px ant\u00e9rieures \u00e0 2.4.4-p12",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.4-px ant\u00e9rieures \u00e0 2.4.7-p4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.8-x ant\u00e9rieures \u00e0 2.4.8-beta2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.4-px ant\u00e9rieures \u00e0 2.4.4-p12",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.3-px ant\u00e9rieures \u00e0 1.3.3-p12",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento versions 2.4.8-x ant\u00e9rieures \u00e0 2.4.8-beta2",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento versions 2.4.4-px ant\u00e9rieures \u00e0 2.4.7-p4",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce B2B versions 1.3.4-px ant\u00e9rieures \u00e0 1.3.4-p11",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.6-px ant\u00e9rieures \u00e0 2.4.6-p9",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9 CVE-2025-24434 fait l\u0027objet d\u0027un correctif sp\u00e9cifique pour Commerce et Magento.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24416"
},
{
"name": "CVE-2025-24425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24425"
},
{
"name": "CVE-2025-24410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24410"
},
{
"name": "CVE-2025-24413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24413"
},
{
"name": "CVE-2025-24409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24409"
},
{
"name": "CVE-2025-24427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24427"
},
{
"name": "CVE-2025-24435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24435"
},
{
"name": "CVE-2025-24419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24419"
},
{
"name": "CVE-2025-24415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24415"
},
{
"name": "CVE-2025-24438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24438"
},
{
"name": "CVE-2025-24432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24432"
},
{
"name": "CVE-2025-24412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24412"
},
{
"name": "CVE-2025-24417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24417"
},
{
"name": "CVE-2025-24430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24430"
},
{
"name": "CVE-2025-24423",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24423"
},
{
"name": "CVE-2025-24426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24426"
},
{
"name": "CVE-2025-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24407"
},
{
"name": "CVE-2025-24424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24424"
},
{
"name": "CVE-2025-24414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24414"
},
{
"name": "CVE-2025-24428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24428"
},
{
"name": "CVE-2025-24420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24420"
},
{
"name": "CVE-2025-24429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24429"
},
{
"name": "CVE-2025-24434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24434"
},
{
"name": "CVE-2025-24437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24437"
},
{
"name": "CVE-2025-24422",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24422"
},
{
"name": "CVE-2025-24408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24408"
},
{
"name": "CVE-2025-24411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24411"
},
{
"name": "CVE-2025-24421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24421"
},
{
"name": "CVE-2025-24406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24406"
},
{
"name": "CVE-2025-24418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24418"
},
{
"name": "CVE-2025-24436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24436"
}
],
"initial_release_date": "2025-02-12T00:00:00",
"last_revision_date": "2025-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0122",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb25-08",
"url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html"
}
]
}
CERTFR-2024-AVI-0972
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Adobe. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Magento versions ant\u00e9rieures \u00e0 3.2.6",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions ant\u00e9rieures \u00e0 3.2.6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-49521",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49521"
}
],
"initial_release_date": "2024-11-13T00:00:00",
"last_revision_date": "2024-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0972",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Adobe. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-90",
"url": "https://helpx.adobe.com/security/products/magento/apsb24-90.html"
}
]
}
CERTFR-2024-AVI-0848
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Commerce | Adobe Commerce versions 2.4.6-x antérieures à 2.4.6-p8 | ||
| Adobe | Commerce | Adobe Commerce B2B versions antérieures à 1.3.3-p11 | ||
| Adobe | Magento | Magento Open Source versions antérieures à 2.4.4-p11 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.5-x antérieures à 2.4.5-p10 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.7-x antérieures à 2.4.7-p3 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5-x antérieures à 2.4.5-p10 | ||
| Adobe | Commerce | Adobe Commerce B2B versions 1.3.5-x antérieures à 1.3.5-p8 | ||
| Adobe | Commerce | Adobe Commerce versions antérieures à 2.4.4-p11 | ||
| Adobe | Commerce | Adobe Commerce B2B versions 1.4.2-x antérieures à 1.4.2-p3 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7-x antérieures à 2.4.7-p3 | ||
| Adobe | Commerce | Adobe Commerce B2B versions 1.3.4-x antérieures à 1.3.4-p10 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Commerce versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions ant\u00e9rieures \u00e0 1.3.3-p11",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.4.4-p11",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p10",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7-p3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p10",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions 1.3.5-x ant\u00e9rieures \u00e0 1.3.5-p8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions ant\u00e9rieures \u00e0 2.4.4-p11",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions 1.4.2-x ant\u00e9rieures \u00e0 1.4.2-p3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7-p3",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce B2B versions 1.3.4-x ant\u00e9rieures \u00e0 1.3.4-p10",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p8",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45116"
},
{
"name": "CVE-2024-45131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45131"
},
{
"name": "CVE-2024-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45149"
},
{
"name": "CVE-2024-45118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45118"
},
{
"name": "CVE-2024-45119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45119"
},
{
"name": "CVE-2024-45123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45123"
},
{
"name": "CVE-2024-45125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45125"
},
{
"name": "CVE-2024-45122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45122"
},
{
"name": "CVE-2024-45132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45132"
},
{
"name": "CVE-2024-45121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45121"
},
{
"name": "CVE-2024-45115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45115"
},
{
"name": "CVE-2024-45127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45127"
},
{
"name": "CVE-2024-45128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45128"
},
{
"name": "CVE-2024-45129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45129"
},
{
"name": "CVE-2024-45124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45124"
},
{
"name": "CVE-2024-45130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45130"
},
{
"name": "CVE-2024-45135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45135"
},
{
"name": "CVE-2024-45117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45117"
},
{
"name": "CVE-2024-45120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45120"
},
{
"name": "CVE-2024-45148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45148"
},
{
"name": "CVE-2024-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45133"
},
{
"name": "CVE-2024-45134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45134"
}
],
"initial_release_date": "2024-10-09T00:00:00",
"last_revision_date": "2024-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0848",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Commerce et Magento",
"vendor_advisories": [
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-73",
"url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
}
]
}
CERTFR-2024-AVI-0678
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30655 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5.x antérieures à 2.4.5-p9 | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 24.002.21005 | ||
| Adobe | Commerce | Commerce versions antérieures à 2.4.4-p10 | ||
| Adobe | Commerce | Commerce versions 2.4.7.x antérieures à 2.4.7-p2 | ||
| Adobe | Commerce | Commerce versions 2.4.6.x antérieures à 2.4.6-p7 | ||
| Adobe | Commerce | Commerce versions 2.4.5.x antérieures à 2.4.5-p9 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6.x antérieures à 2.4.6-p7 | ||
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30159 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7.x antérieures à 2.4.7-p2 | ||
| Adobe | Magento | Magento Open Source versions antérieures à 2.4.4-p10 | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 24.002.21005 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30655 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30655",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5.x ant\u00e9rieures \u00e0 2.4.5-p9",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 24.002.21005",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions ant\u00e9rieures \u00e0 2.4.4-p10",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.7.x ant\u00e9rieures \u00e0 2.4.7-p2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.6.x ant\u00e9rieures \u00e0 2.4.6-p7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.5.x ant\u00e9rieures \u00e0 2.4.5-p9",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6.x ant\u00e9rieures \u00e0 2.4.6-p7",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30159",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7.x ant\u00e9rieures \u00e0 2.4.7-p2",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.4.4-p10",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 24.002.21005",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30655",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-41831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41831"
},
{
"name": "CVE-2024-41832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41832"
},
{
"name": "CVE-2024-39411",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39411"
},
{
"name": "CVE-2024-39413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39413"
},
{
"name": "CVE-2024-39398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39398"
},
{
"name": "CVE-2024-39412",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39412"
},
{
"name": "CVE-2024-39425",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39425"
},
{
"name": "CVE-2024-39424",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39424"
},
{
"name": "CVE-2024-39418",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39418"
},
{
"name": "CVE-2024-39403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39403"
},
{
"name": "CVE-2024-39408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39408"
},
{
"name": "CVE-2024-41835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41835"
},
{
"name": "CVE-2024-39401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39401"
},
{
"name": "CVE-2024-39415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39415"
},
{
"name": "CVE-2024-39426",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39426"
},
{
"name": "CVE-2024-39416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39416"
},
{
"name": "CVE-2024-39402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39402"
},
{
"name": "CVE-2024-39383",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39383"
},
{
"name": "CVE-2024-41833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41833"
},
{
"name": "CVE-2024-39404",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39404"
},
{
"name": "CVE-2024-39406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39406"
},
{
"name": "CVE-2024-39423",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39423"
},
{
"name": "CVE-2024-39419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39419"
},
{
"name": "CVE-2024-41830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41830"
},
{
"name": "CVE-2024-39400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39400"
},
{
"name": "CVE-2024-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39410"
},
{
"name": "CVE-2024-39422",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39422"
},
{
"name": "CVE-2024-39414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39414"
},
{
"name": "CVE-2024-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39417"
},
{
"name": "CVE-2024-39405",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39405"
},
{
"name": "CVE-2024-39409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39409"
},
{
"name": "CVE-2024-41834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41834"
},
{
"name": "CVE-2024-39407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39407"
},
{
"name": "CVE-2024-39397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39397"
},
{
"name": "CVE-2024-39399",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39399"
}
],
"initial_release_date": "2024-08-14T00:00:00",
"last_revision_date": "2024-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0678",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-61",
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-57",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html"
}
]
}
CERTFR-2024-AVI-0483
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Magento | Magento Open Source versions 2.4.5-px antérieures à 2.4.5-p8 | ||
| Adobe | Commerce | Commerce versions 2.3.7-px-ext-x antérieures à 2.3.7-p4-ext-8 | ||
| Adobe | Commerce | Commerce versions 2.4.5-px antérieures à 2.4.5-p8 | ||
| Adobe | ColdFusion | ColdFusion 2023 sans le correctif de sécurité Update 8 | ||
| Adobe | Commerce | Commerce versions 2.4.0-ext-x antérieures à 2.4.0-ext-8 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7-px antérieures à 2.4.7-p1 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-px antérieures à 2.4.6-p6 | ||
| Adobe | Commerce | Commerce Webhooks Plugin versions 1.2.0 à 1.4.0 antérieures à 1.5.0 | ||
| Adobe | ColdFusion | ColdFusion 2021 sans le correctif de sécurité Update 14 | ||
| Adobe | Commerce | Commerce versions 2.4.2-ext-x antérieures à 2.4.2-ext-8 | ||
| Adobe | Commerce | Commerce versions 2.4.3-ext-x antérieures à 2.4.3-ext-8 | ||
| Adobe | Magento | Magento Open Source versions 2.4.4-px antérieures à 2.4.4-p9 | ||
| Adobe | Commerce | Commerce versions 2.4.7-px antérieures à 2.4.7-p1 | ||
| Adobe | Commerce | Commerce versions 2.4.1-ext-x antérieures à 2.4.1-ext-8 | ||
| Adobe | Commerce | Commerce versions 2.4.4-px antérieures à 2.4.4-p9 | ||
| Adobe | Commerce | Commerce versions 2.4.6-px antérieures à 2.4.6-p6 | ||
| Adobe | Acrobat | Acrobat Android versions antérieures à 24.5.0.33694 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Magento Open Source versions 2.4.5-px ant\u00e9rieures \u00e0 2.4.5-p8",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.3.7-px-ext-x ant\u00e9rieures \u00e0 2.3.7-p4-ext-8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.5-px ant\u00e9rieures \u00e0 2.4.5-p8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2023 sans le correctif de s\u00e9curit\u00e9 Update 8",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.0-ext-x ant\u00e9rieures \u00e0 2.4.0-ext-8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7-px ant\u00e9rieures \u00e0 2.4.7-p1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-px ant\u00e9rieures \u00e0 2.4.6-p6",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce Webhooks Plugin versions 1.2.0 \u00e0 1.4.0 ant\u00e9rieures \u00e0 1.5.0",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2021 sans le correctif de s\u00e9curit\u00e9 Update 14",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.2-ext-x ant\u00e9rieures \u00e0 2.4.2-ext-8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.3-ext-x ant\u00e9rieures \u00e0 2.4.3-ext-8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.4-px ant\u00e9rieures \u00e0 2.4.4-p9",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.7-px ant\u00e9rieures \u00e0 2.4.7-p1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.1-ext-x ant\u00e9rieures \u00e0 2.4.1-ext-8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.4-px ant\u00e9rieures \u00e0 2.4.4-p9",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.6-px ant\u00e9rieures \u00e0 2.4.6-p6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Android versions ant\u00e9rieures \u00e0 24.5.0.33694",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-34106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34106"
},
{
"name": "CVE-2024-34105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34105"
},
{
"name": "CVE-2024-34103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34103"
},
{
"name": "CVE-2024-34107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34107"
},
{
"name": "CVE-2024-34109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34109"
},
{
"name": "CVE-2024-34111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34111"
},
{
"name": "CVE-2024-34112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34112"
},
{
"name": "CVE-2024-34130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34130"
},
{
"name": "CVE-2024-34110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34110"
},
{
"name": "CVE-2024-34108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34108"
},
{
"name": "CVE-2024-34129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34129"
},
{
"name": "CVE-2024-34102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
},
{
"name": "CVE-2024-34113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34113"
},
{
"name": "CVE-2024-34104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34104"
}
],
"initial_release_date": "2024-06-12T00:00:00",
"last_revision_date": "2024-06-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0483",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-50",
"url": "https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-41",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-40",
"url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
}
]
}
CERTFR-2024-AVI-0284
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Magento | Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p5 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7-x antérieures à 2.4.7 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.4-x antérieures à 2.4.4-p8 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.6-x antérieures à 2.4.6-p5 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5-x antérieures à 2.4.5-p7 | ||
| Adobe | Commerce | Adobe Commerce version 2.3.7-p4-ext-x antérieures à 2.3.7-p4-ext-7 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.1-ext-x antérieures à 2.4.1-ext-7 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.3-ext-x antérieures à 2.4.3-ext-7 | ||
| Adobe | Magento | Magento Open Source versions 2.4.4-x antérieures à 2.4.4-p8 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.2-ext-x antérieures à 2.4.2-ext-7 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.7-x antérieures à 2.4.7 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.0-ext-x antérieures à 2.4.0-ext-7 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.5-x antérieures à 2.4.5-p7 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Magento Open Source versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p5",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7-x ant\u00e9rieures \u00e0 2.4.7",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p8",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p7",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.3.7-p4-ext-x ant\u00e9rieures \u00e0 2.3.7-p4-ext-7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.1-ext-x ant\u00e9rieures \u00e0 2.4.1-ext-7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.3-ext-x ant\u00e9rieures \u00e0 2.4.3-ext-7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p8",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.2-ext-x ant\u00e9rieures \u00e0 2.4.2-ext-7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.7-x ant\u00e9rieures \u00e0 2.4.7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.0-ext-x ant\u00e9rieures \u00e0 2.4.0-ext-7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20758"
},
{
"name": "CVE-2024-20759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20759"
}
],
"initial_release_date": "2024-04-10T00:00:00",
"last_revision_date": "2024-04-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe\u00a0APSB24-18 du 09 avril 2024",
"url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"
}
],
"reference": "CERTFR-2024-AVI-0284",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Adobe\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS)\net une ex\u00e9cution de code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB24-18 du 09 avril 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0123
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et injection de code indirecte à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Commerce | Adobe Commerce version 2.4.4-x antérieures à 2.4.4-p7 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p4 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.3-x antérieures à 2.4.3-ext-6 | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30574 sur Windows et macOS | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30574 sur Windows et macOS | ||
| Adobe | Acrobat Reader DC | Acrobat Reader DC versions antérieures à 23.008.20533 sur Windows et macOS | ||
| Adobe | Acrobat DC | Acrobat DC versions antérieures à 23.008.20533 sur Windows et macOS | ||
| Adobe | Commerce | Adobe Commerce version 2.4.1-x antérieures à 2.4.1-ext-6 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.0-x antérieures à 2.4.0-ext-6 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.5-x antérieures à 2.4.5-p6 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5-x antérieures à 2.4.5-p6 | ||
| Adobe | Commerce | Adobe Commerce version 2.3.7-x antérieures à 2.3.7-p4-ext-6 | ||
| Adobe | Magento | Magento Open Source versions 2.4.4-x antérieures à 2.4.4-p7 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.6-x antérieures à 2.4.6-p4 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.2-x antérieures à 2.4.2-ext-6 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Commerce version 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p4",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.3-x ant\u00e9rieures \u00e0 2.4.3-ext-6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30574 sur Windows et macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30574 sur Windows et macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 23.008.20533 sur Windows et macOS",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 23.008.20533 sur Windows et macOS",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.1-x ant\u00e9rieures \u00e0 2.4.1-ext-6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.0-x ant\u00e9rieures \u00e0 2.4.0-ext-6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p6",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.3.7-x ant\u00e9rieures \u00e0 2.3.7-p4-ext-6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p7",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.2-x ant\u00e9rieures \u00e0 2.4.2-ext-6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20726"
},
{
"name": "CVE-2024-20730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20730"
},
{
"name": "CVE-2024-20718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20718"
},
{
"name": "CVE-2024-20719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20719"
},
{
"name": "CVE-2024-20717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20717"
},
{
"name": "CVE-2024-20736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20736"
},
{
"name": "CVE-2024-20747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20747"
},
{
"name": "CVE-2024-20734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20734"
},
{
"name": "CVE-2024-20720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20720"
},
{
"name": "CVE-2024-20748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20748"
},
{
"name": "CVE-2024-20716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20716"
},
{
"name": "CVE-2024-20735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20735"
},
{
"name": "CVE-2024-20749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20749"
},
{
"name": "CVE-2024-20728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20728"
},
{
"name": "CVE-2024-20727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20727"
},
{
"name": "CVE-2024-20733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20733"
},
{
"name": "CVE-2024-20729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20729"
},
{
"name": "CVE-2024-20731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20731"
}
],
"initial_release_date": "2024-02-14T00:00:00",
"last_revision_date": "2024-02-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0123",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Adobe\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et injection de code indirecte\n\u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-07 du 13 f\u00e9vrier 2024",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-03 du 13 f\u00e9vrier 2024",
"url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
}
]
}
CERTFR-2023-AVI-0833
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS), une élévation de privilèges et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Commerce | Adobe Commerce version 2.4.6-p2 antérieures à 2.4.6-p3 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.7-beta1 antérieures à 2.4.7-beta2 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.4-p5 antérieures à 2.4.4-p6 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.3-ext-4 antérieures à 2.4.3-ext-5 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.0-ext-4 antérieures à 2.4.0-ext-5 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5-p4 antérieures à 2.4.5-p5 | ||
| Adobe | Commerce | Adobe Commerce version 2.3.7-p4-ext-4 antérieures à 2.3.7-p4-ext-5 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7-beta1 antérieures à 2.4.7-beta2 | ||
| Adobe | Magento | Magento Open Source versions 2.4.4-p5 antérieures à 2.4.4-p6 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.1-ext-4 antérieures à 2.4.1-ext-5 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.2-ext-4 antérieures à 2.4.2-ext-5 | ||
| Adobe | Commerce | Adobe Commerce version 2.4.5-p4 antérieures à 2.4.5-p5 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-p2 antérieures à 2.4.6-p3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Commerce version 2.4.6-p2 ant\u00e9rieures \u00e0 2.4.6-p3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.7-beta1 ant\u00e9rieures \u00e0 2.4.7-beta2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.4-p5 ant\u00e9rieures \u00e0 2.4.4-p6",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.3-ext-4 ant\u00e9rieures \u00e0 2.4.3-ext-5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.0-ext-4 ant\u00e9rieures \u00e0 2.4.0-ext-5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5-p4 ant\u00e9rieures \u00e0 2.4.5-p5",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.3.7-p4-ext-4 ant\u00e9rieures \u00e0 2.3.7-p4-ext-5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7-beta1 ant\u00e9rieures \u00e0 2.4.7-beta2",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.4-p5 ant\u00e9rieures \u00e0 2.4.4-p6",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.1-ext-4 ant\u00e9rieures \u00e0 2.4.1-ext-5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.2-ext-4 ant\u00e9rieures \u00e0 2.4.2-ext-5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce version 2.4.5-p4 ant\u00e9rieures \u00e0 2.4.5-p5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-p2 ant\u00e9rieures \u00e0 2.4.6-p3",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-38249",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38249"
},
{
"name": "CVE-2023-26367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26367"
},
{
"name": "CVE-2023-38251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38251"
},
{
"name": "CVE-2023-26366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26366"
},
{
"name": "CVE-2023-38221",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38221"
},
{
"name": "CVE-2023-38219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38219"
},
{
"name": "CVE-2023-26368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26368"
},
{
"name": "CVE-2023-38220",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38220"
},
{
"name": "CVE-2023-38218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38218"
},
{
"name": "CVE-2023-38250",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38250"
}
],
"initial_release_date": "2023-10-12T00:00:00",
"last_revision_date": "2023-10-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe\u00a0apsb23-50 du 10 octobre 2023",
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html"
}
],
"reference": "CERTFR-2023-AVI-0833",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Adobe\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS), une \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb23-50 du 10 octobre 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0636
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30516.10516 sur macOS | ||
| Adobe | Magento | Magento Open Source versions 2.4.4-x antérieures à 2.4.4-p5 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.6-x antérieures à 2.4.6-p2 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30514.10514 sur Windows | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.2-x antérieures à 2.4.2-ext-4 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.1-x antérieures à 2.4.1-ext-4 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.4-x antérieures à 2.4.4-p5 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5-x antérieures à 2.4.5-p4 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.3-x antérieures à 2.4.3-ext-4 | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30516.10516 sur macOS | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p2 | ||
| Adobe | Commerce | Adobe Commerce versions 2.3.7-x antérieures à 2.3.7-p4-ext-4 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.5-x antérieures à 2.4.5-p4 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.0-x antérieures à 2.4.0-ext-4 | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30514.10514 sur Windows | ||
| Adobe | Acrobat Reader DC | Acrobat Reader DC versions antérieures à 23.003.20269 sur Windows et macOS | ||
| Adobe | Acrobat DC | Acrobat DC versions antérieures à 23.003.20269 sur Windows et macOS |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30516.10516 sur macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p5",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30514.10514 sur Windows",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.2-x ant\u00e9rieures \u00e0 2.4.2-ext-4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.1-x ant\u00e9rieures \u00e0 2.4.1-ext-4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p4",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.3-x ant\u00e9rieures \u00e0 2.4.3-ext-4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30516.10516 sur macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p2",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.3.7-x ant\u00e9rieures \u00e0 2.3.7-p4-ext-4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.0-x ant\u00e9rieures \u00e0 2.4.0-ext-4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30514.10514 sur Windows",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 23.003.20269 sur Windows et macOS",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 23.003.20269 sur Windows et macOS",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-38243",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38243"
},
{
"name": "CVE-2023-38207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38207"
},
{
"name": "CVE-2023-38241",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38241"
},
{
"name": "CVE-2023-38235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38235"
},
{
"name": "CVE-2023-38227",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38227"
},
{
"name": "CVE-2023-38239",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38239"
},
{
"name": "CVE-2023-29303",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29303"
},
{
"name": "CVE-2023-38245",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38245"
},
{
"name": "CVE-2023-38228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38228"
},
{
"name": "CVE-2023-38222",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38222"
},
{
"name": "CVE-2023-29320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29320"
},
{
"name": "CVE-2023-38234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38234"
},
{
"name": "CVE-2023-38225",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38225"
},
{
"name": "CVE-2023-38232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38232"
},
{
"name": "CVE-2023-38240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38240"
},
{
"name": "CVE-2023-38224",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38224"
},
{
"name": "CVE-2023-38230",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38230"
},
{
"name": "CVE-2023-38247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38247"
},
{
"name": "CVE-2023-38223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38223"
},
{
"name": "CVE-2023-38237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38237"
},
{
"name": "CVE-2023-29299",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29299"
},
{
"name": "CVE-2023-38226",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38226"
},
{
"name": "CVE-2023-38238",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38238"
},
{
"name": "CVE-2023-38242",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38242"
},
{
"name": "CVE-2023-38236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38236"
},
{
"name": "CVE-2023-38246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38246"
},
{
"name": "CVE-2023-38208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38208"
},
{
"name": "CVE-2023-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38229"
},
{
"name": "CVE-2023-38209",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38209"
},
{
"name": "CVE-2023-38244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38244"
},
{
"name": "CVE-2023-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38248"
},
{
"name": "CVE-2023-38231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38231"
},
{
"name": "CVE-2023-38233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38233"
}
],
"initial_release_date": "2023-08-09T00:00:00",
"last_revision_date": "2023-08-09T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0636",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb23-42 du 08 ao\u00fbt 2023",
"url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb23-30 du 08 ao\u00fbt 2023",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-30.html"
}
]
}
CERTFR-2023-AVI-0455
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Adobe Commerce et Magento. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Commerce | Adobe Commerce versions 2.4.2-x antérieures à 2.4.2-ext-3 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6-x antérieures à 2.4.6-p1 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.3-x antérieures à 2.4.3-ext-3 | ||
| Adobe | Magento | Magento Open Source versions antérieures à 2.4.4-p4 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.6-x antérieures à 2.4.6-p1 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5-x antérieures à 2.4.5-p3 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.5-x antérieures à 2.4.5-p3 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.1-x antérieures à 2.4.1-ext-3 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.4-x antérieures à 2.4.4-p4 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.0-x antérieures à 2.4.0-ext-3 | ||
| Adobe | Commerce | Adobe Commerce versions antérieures à 2.3.7-p4-ext-3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Commerce versions 2.4.2-x ant\u00e9rieures \u00e0 2.4.2-ext-3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.3-x ant\u00e9rieures \u00e0 2.4.3-ext-3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.4.4-p4",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.6-x ant\u00e9rieures \u00e0 2.4.6-p1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p3",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.5-x ant\u00e9rieures \u00e0 2.4.5-p3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.1-x ant\u00e9rieures \u00e0 2.4.1-ext-3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.4-x ant\u00e9rieures \u00e0 2.4.4-p4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.0-x ant\u00e9rieures \u00e0 2.4.0-ext-3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions ant\u00e9rieures \u00e0 2.3.7-p4-ext-3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29294",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29294"
},
{
"name": "CVE-2023-29291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29291"
},
{
"name": "CVE-2023-29293",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29293"
},
{
"name": "CVE-2023-29289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29289"
},
{
"name": "CVE-2023-29297",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29297"
},
{
"name": "CVE-2023-29295",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29295"
},
{
"name": "CVE-2023-29287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29287"
},
{
"name": "CVE-2023-29296",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29296"
},
{
"name": "CVE-2023-29288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29288"
},
{
"name": "CVE-2023-29290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29290"
},
{
"name": "CVE-2023-29292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29292"
},
{
"name": "CVE-2023-22248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22248"
}
],
"initial_release_date": "2023-06-14T00:00:00",
"last_revision_date": "2023-06-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0455",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Commerce et\nMagento. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Commerce et Magento",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb23-35 du 13 juin 2023",
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
}
]
}
CERTFR-2023-AVI-0227
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
L'éditeur indique que la vulnérabilité CVE-2023-26360 est exploitée dans le cadre d'attaques ciblées.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | ColdFusion | ColdFusion 2021 versions antérieures à Update 6 | ||
| Adobe | ColdFusion | ColdFusion 2018 versions antérieures à Update 16 | ||
| Adobe | Magento | Magento Open Source 2.4.4.x versions antérieures à 2.4.4-p3 | ||
| Adobe | Commerce | Adobe Commerce 2.4.4.x versions antérieures à 2.4.4-p3 | ||
| Adobe | Commerce | Adobe Commerce 2.4.5.x versions antérieures à 2.4.5-p2 | ||
| Adobe | Magento | Magento Open Source 2.4.5.x versions antérieures à 2.4.5-p2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ColdFusion 2021 versions ant\u00e9rieures \u00e0 Update 6",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2018 versions ant\u00e9rieures \u00e0 Update 16",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source 2.4.4.x versions ant\u00e9rieures \u00e0 2.4.4-p3",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce 2.4.4.x versions ant\u00e9rieures \u00e0 2.4.4-p3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce 2.4.5.x versions ant\u00e9rieures \u00e0 2.4.5-p2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source 2.4.5.x versions ant\u00e9rieures \u00e0 2.4.5-p2",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22247"
},
{
"name": "CVE-2023-22250",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22250"
},
{
"name": "CVE-2023-26359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26359"
},
{
"name": "CVE-2023-26360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26360"
},
{
"name": "CVE-2023-26361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26361"
},
{
"name": "CVE-2023-22249",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22249"
},
{
"name": "CVE-2023-22251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22251"
}
],
"initial_release_date": "2023-03-15T00:00:00",
"last_revision_date": "2023-03-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe\u00a0APSB23-25 du 14 mars 2023",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html"
}
],
"reference": "CERTFR-2023-AVI-0227",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eAdobe\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS), un\ncontournement de la politique de s\u00e9curit\u00e9, une ex\u00e9cution de code\narbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nL\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9 CVE-2023-26360 est exploit\u00e9e dans\nle cadre d\u0027attaques cibl\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB23-17 du 14 mars 2023",
"url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB23-25 du 14 mars 2023",
"url": null
}
]
}
CERTFR-2022-AVI-920
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | ColdFusion | ColdFusion 2021 versions antérieures à Update 5 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.4x antérieures à 2.4.4-p2 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5x antérieures à 2.4.5-p1 | ||
| Adobe | Magento | Magento Open Source versions 2.4.4x antérieures à 2.4.4-p2 | ||
| Adobe | Acrobat Reader DC | Acrobat Reader DC versions antérieures à 22.003.20258 | ||
| Adobe | Acrobat DC | Acrobat DC versions antérieures à 22.003.20258 | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30407 | ||
| Adobe | ColdFusion | ColdFusion 2018 versions antérieures à Update 15 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.5x antérieures à 2.4.5-p1 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30407 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ColdFusion 2021 versions ant\u00e9rieures \u00e0 Update 5",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.4x ant\u00e9rieures \u00e0 2.4.4-p2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5x ant\u00e9rieures \u00e0 2.4.5-p1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.4x ant\u00e9rieures \u00e0 2.4.4-p2",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 22.003.20258",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 22.003.20258",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30407",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "ColdFusion 2018 versions ant\u00e9rieures \u00e0 Update 15",
"product": {
"name": "ColdFusion",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.5x ant\u00e9rieures \u00e0 2.4.5-p1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30407",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-42342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42342"
},
{
"name": "CVE-2022-42339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42339"
},
{
"name": "CVE-2022-35712",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35712"
},
{
"name": "CVE-2022-35711",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35711"
},
{
"name": "CVE-2022-35690",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35690"
},
{
"name": "CVE-2022-35689",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35689"
},
{
"name": "CVE-2022-35710",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35710"
},
{
"name": "CVE-2022-38422",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38422"
},
{
"name": "CVE-2022-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42340"
},
{
"name": "CVE-2022-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38420"
},
{
"name": "CVE-2022-35691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35691"
},
{
"name": "CVE-2022-38424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38424"
},
{
"name": "CVE-2022-38423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38423"
},
{
"name": "CVE-2022-38421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38421"
},
{
"name": "CVE-2022-38449",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38449"
},
{
"name": "CVE-2022-38419",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38419"
},
{
"name": "CVE-2022-38437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38437"
},
{
"name": "CVE-2022-35698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35698"
},
{
"name": "CVE-2022-38450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38450"
},
{
"name": "CVE-2022-38418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38418"
},
{
"name": "CVE-2022-42341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42341"
}
],
"initial_release_date": "2022-10-17T00:00:00",
"last_revision_date": "2022-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-920",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-44 du 11 octobre 2022",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-48 du 12 octobre 2022",
"url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-46 du 11 octobre 2022",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html"
}
]
}
CERTFR-2022-AVI-726
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader | Acrobat Reader 2017 versions antérieures à 17.012.30262 | ||
| Adobe | Commerce | Adobe Commerce versions 2.3.x antérieures à 2.3.7-p4 | ||
| Adobe | Acrobat DC | Acrobat DC versions antérieures à 22.002.20191 | ||
| Adobe | Magento | Magento Open Source versions 2.3.x antérieures à 2.3.7-p4 | ||
| Adobe | Acrobat Reader DC | Acrobat Reader DC versions antérieures à 22.002.20191 | ||
| Adobe | Magento | Magento Open Source versions 2.3.x antérieures à 2.4.3-p3, 2.4.4-p1 ou 2.4.5 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.x antérieures à 2.4.3-p3, 2.4.4-p1 ou 2.4.5 | ||
| Adobe | Acrobat | Acrobat 2017 versions antérieures à 17.012.30262 | ||
| Adobe | Acrobat Reader | Acrobat Reader versions antérieures à 2020 20.005.30381 | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30381 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat Reader 2017 versions ant\u00e9rieures \u00e0 17.012.30262",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.3.x ant\u00e9rieures \u00e0 2.3.7-p4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 22.002.20191",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.3.x ant\u00e9rieures \u00e0 2.3.7-p4",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 22.002.20191",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.3.x ant\u00e9rieures \u00e0 2.4.3-p3, 2.4.4-p1 ou 2.4.5",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.x ant\u00e9rieures \u00e0 2.4.3-p3, 2.4.4-p1 ou 2.4.5",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2017 versions ant\u00e9rieures \u00e0 17.012.30262",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader versions ant\u00e9rieures \u00e0 2020 20.005.30381",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30381",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35667"
},
{
"name": "CVE-2022-34258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34258"
},
{
"name": "CVE-2022-34253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34253"
},
{
"name": "CVE-2022-34256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34256"
},
{
"name": "CVE-2022-34257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34257"
},
{
"name": "CVE-2022-35670",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35670"
},
{
"name": "CVE-2022-35678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35678"
},
{
"name": "CVE-2022-35666",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35666"
},
{
"name": "CVE-2022-35671",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35671"
},
{
"name": "CVE-2022-34254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34254"
},
{
"name": "CVE-2022-35665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35665"
},
{
"name": "CVE-2022-34259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34259"
},
{
"name": "CVE-2022-34255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34255"
},
{
"name": "CVE-2022-35668",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35668"
}
],
"initial_release_date": "2022-08-10T00:00:00",
"last_revision_date": "2022-08-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-726",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-39 du 09 ao\u00fbt 2022",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-39.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-38 du 09 ao\u00fbt 2022",
"url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html"
}
]
}
CERTFR-2022-AVI-333
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat DC | Acrobat DC pour Windows versions antérieures à 22.001.20117 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 pour Mac versions antérieures à 20.005.30331 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 pour Windows versions antérieures à 20.005.30334 | ||
| Adobe | Acrobat | Acrobat 2017 pour Mac versions antérieures à 17.012.30227 | ||
| Adobe | Commerce | Adobe Commerce versions 2.4.x antérieures à 2.4.3-p2, 2.4.4 | ||
| Adobe | Acrobat Reader DC | Acrobat Reader DC pour Mac versions antérieures à 22.001.20112 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2017 pour Windows versions antérieures à 17.012.30229 | ||
| Adobe | Commerce | Adobe Commerce versions 2.3.x antérieures à 2.3.7-p3 | ||
| Adobe | Magento | Magento Open Source versions 2.4.x antérieures 2.4.3-p2, 2.4.4 | ||
| Adobe | Acrobat Reader DC | Acrobat Reader DC pour Windows versions antérieures à 22.001.20117 | ||
| Adobe | Acrobat | Acrobat 2020 pour Mac versions antérieures à 20.005.30331 | ||
| Adobe | Magento | Magento Open Source versions 2.3.x antérieures à 2.3.7-p3 | ||
| Adobe | Acrobat | Acrobat 2017 pour Windows versions antérieures à 17.012.30229 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2017 pour Mac versions antérieures à 17.012.30227 | ||
| Adobe | Acrobat | Acrobat 2020 pour Windows versions antérieures à 20.005.30334 | ||
| Adobe | Acrobat DC | Acrobat DC pour Mac versions antérieures à 22.001.20112 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat DC pour Windows versions ant\u00e9rieures \u00e0 22.001.20117",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 pour Mac versions ant\u00e9rieures \u00e0 20.005.30331",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 pour Windows versions ant\u00e9rieures \u00e0 20.005.30334",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2017 pour Mac versions ant\u00e9rieures \u00e0 17.012.30227",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.4.x ant\u00e9rieures \u00e0 2.4.3-p2, 2.4.4",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC pour Mac versions ant\u00e9rieures \u00e0 22.001.20112",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2017 pour Windows versions ant\u00e9rieures \u00e0 17.012.30229",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions 2.3.x ant\u00e9rieures \u00e0 2.3.7-p3",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.x ant\u00e9rieures 2.4.3-p2, 2.4.4",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC pour Windows versions ant\u00e9rieures \u00e0 22.001.20117",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 pour Mac versions ant\u00e9rieures \u00e0 20.005.30331",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.3.x ant\u00e9rieures \u00e0 2.3.7-p3",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2017 pour Windows versions ant\u00e9rieures \u00e0 17.012.30229",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2017 pour Mac versions ant\u00e9rieures \u00e0 17.012.30227",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 pour Windows versions ant\u00e9rieures \u00e0 20.005.30334",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC pour Mac versions ant\u00e9rieures \u00e0 22.001.20112",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-28242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28242"
},
{
"name": "CVE-2022-27798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27798"
},
{
"name": "CVE-2022-28236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28236"
},
{
"name": "CVE-2022-27791",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27791"
},
{
"name": "CVE-2022-28263",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28263"
},
{
"name": "CVE-2022-28269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28269"
},
{
"name": "CVE-2022-28259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28259"
},
{
"name": "CVE-2022-27790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27790"
},
{
"name": "CVE-2022-28235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28235"
},
{
"name": "CVE-2022-24101",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24101"
},
{
"name": "CVE-2022-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28241"
},
{
"name": "CVE-2022-27787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27787"
},
{
"name": "CVE-2022-28257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28257"
},
{
"name": "CVE-2022-27786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27786"
},
{
"name": "CVE-2022-28248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28248"
},
{
"name": "CVE-2022-28264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28264"
},
{
"name": "CVE-2022-28237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28237"
},
{
"name": "CVE-2022-28249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28249"
},
{
"name": "CVE-2022-28254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28254"
},
{
"name": "CVE-2022-28262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28262"
},
{
"name": "CVE-2022-27800",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27800"
},
{
"name": "CVE-2022-27797",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27797"
},
{
"name": "CVE-2022-28230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28230"
},
{
"name": "CVE-2022-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27789"
},
{
"name": "CVE-2022-28245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28245"
},
{
"name": "CVE-2022-24104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24104"
},
{
"name": "CVE-2022-24103",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24103"
},
{
"name": "CVE-2022-24093",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24093"
},
{
"name": "CVE-2022-27795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27795"
},
{
"name": "CVE-2022-28238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28238"
},
{
"name": "CVE-2022-27793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27793"
},
{
"name": "CVE-2022-27799",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27799"
},
{
"name": "CVE-2022-28260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28260"
},
{
"name": "CVE-2022-28244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28244"
},
{
"name": "CVE-2022-24102",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24102"
},
{
"name": "CVE-2022-28250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28250"
},
{
"name": "CVE-2022-28253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28253"
},
{
"name": "CVE-2022-28265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28265"
},
{
"name": "CVE-2022-28239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28239"
},
{
"name": "CVE-2022-28243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28243"
},
{
"name": "CVE-2022-28255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28255"
},
{
"name": "CVE-2022-28246",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28246"
},
{
"name": "CVE-2022-28252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28252"
},
{
"name": "CVE-2022-28267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28267"
},
{
"name": "CVE-2022-28261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28261"
},
{
"name": "CVE-2022-28231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28231"
},
{
"name": "CVE-2022-28232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28232"
},
{
"name": "CVE-2022-28266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28266"
},
{
"name": "CVE-2022-28247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28247"
},
{
"name": "CVE-2022-28251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28251"
},
{
"name": "CVE-2022-27802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27802"
},
{
"name": "CVE-2022-27801",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27801"
},
{
"name": "CVE-2022-27785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27785"
},
{
"name": "CVE-2022-28240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28240"
},
{
"name": "CVE-2022-28256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28256"
},
{
"name": "CVE-2022-27796",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27796"
},
{
"name": "CVE-2022-28268",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28268"
},
{
"name": "CVE-2022-27792",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27792"
},
{
"name": "CVE-2022-28258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28258"
},
{
"name": "CVE-2022-28233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28233"
},
{
"name": "CVE-2022-27788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27788"
},
{
"name": "CVE-2022-27794",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27794"
},
{
"name": "CVE-2022-28234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28234"
}
],
"initial_release_date": "2022-04-13T00:00:00",
"last_revision_date": "2022-04-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-333",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-16 du 12 avril 2022",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-16.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-13 du 12 avril 2022",
"url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
}
]
}
CERTFR-2021-AVI-779
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Adobe. Elle permet à un attaquant de provoquer une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Commerce versions ant\u00e9rieures \u00e0 2.3.7-p2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.4.3-p1",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Commerce versions ant\u00e9rieures \u00e0 2.4.3-p1",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.3.7-p2",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2021-10-13T00:00:00",
"last_revision_date": "2021-10-13T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-779",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Adobe. Elle permet\n\u00e0 un attaquant de provoquer une injection de requ\u00eates ill\u00e9gitimes par\nrebond (CSRF).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb21-86 du 12 octobre 2021",
"url": "https://helpx.adobe.com/security/products/magento/apsb21-86.html"
}
]
}