Adobe officially released the April security update on April 14 , which fixed multiple vulnerabilities in Adobe products, including Adobe ColdFusion, Adobe After Effects, and Adobe Digital Editions.
Vulnerability overview
- Adobe ColdFusion
Adobe has released a security update for Adobe ColdFusion, which fixes three security vulnerabilities.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | severity | CVE vulnerability number |
|---|---|---|---|
| Insufficient input validation | Application-level denial of service (DoS) | serious | CVE-2020-3767 |
| DLL search order hijacking | Elevation of privilege | serious | CVE-2020-3768 |
| Improper access control | Open system file structure | serious | CVE-2020-3796 |
- Adobe After Effects
Adobe has released a security update for Adobe After Effects, which fixes a security hole.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | severity | CVE vulnerability number |
| Read out of bounds | Information leakage | serious | CVE-2020-3809 |
- Adobe Digital Editions
Adobe has released a security update for Adobe Digital Editions, which fixes a security hole.
| Vulnerability category | Vulnerability impact | severity | CVE vulnerability number |
| File enumeration (host or local network) | Information leakage | serious | CVE-2020-3798 |
Solution:
Adobe official has released a new version to fix the above vulnerabilities, users should upgrade to the latest version in time for protection.
