Adobe has released security updates to address multiple critical vulnerabilities across several of its widely-used software products. The patches address flaws that could potentially lead to code execution attacks, unauthorized access, and information disclosure.
The most critical vulnerability, tracked as CVE-2024-30299 with a CVSS score of 10.0, impacts Adobe FrameMaker Publishing Server that could allow an unauthenticated attacker to execute arbitrary code on the server, potentially leading to a full system compromise.
The next vulnerability tracked as CVE-2024-34102 with a CVSS score of 9.8 found with Adobe Commerce, resides in XML External Entity (XXE) vulnerability. The open-source Magento platform, associated with Adobe Commerce, is also impacted by these updates.
Other products receiving updates for critical vulnerabilities include Adobe Experience Manager, Adobe Creative Cloud Desktop, Adobe Photoshop, and Adobe Substance 3D Stager. These vulnerabilities range in severity, with potential impacts including unauthorized access, information disclosure, and arbitrary code execution.
While Adobe is not currently aware of any active exploitation of these vulnerabilities, Users are strongly advised to update their software to the latest versions immediately to mitigate the risk of exploitation.
