Adobe’s latest Patch Tuesday updates fix 123 vulnerabilities across 11 products.
Of the total, 57 vulnerabilities were patched in Adobe Experience Manager. The vast majority are XSS flaws that allow arbitrary code execution, and three issues have been described as improper input validation that can lead to a security feature bypass.
Two critical issues with a CVSS score of 10, both allowing arbitrary code execution, have been patched in Adobe Campaign Classic.
In ColdFusion, Adobe resolved seven vulnerabilities, including critical and high-severity issues that could allow arbitrary code execution, privilege escalation, and bypass of security features.
Twenty security holes have been fixed in Acrobat and Reader for Windows and macOS, including code execution, DoS, and memory exposure bugs.
