Adobe June Patch Tuesday Addressed Critical Security Vulnerabilities In ColdFusion, Campaign And Flash

  • 2

Adobe June Patch Tuesday updates are now out with numerous security fixes. This month, Adobe addressed numerous critical vulnerabilities in Adobe Flash Player, Adobe Campaign, and Adobe ColdFusion. This month’s updates include relatively lesser vulnerability fixes as compared to the Adobe May updates.

Critical Flaws Fixed With Adobe June Patch Tuesday

The Adobe June Patch Tuesday updates have addressed numerous critical vulnerabilities in Adobe ColdFusion, Adobe Campaign, and Adobe Flash Player.

Adobe has patched three different critical vulnerabilities in ColdFusion. As described in Adobe’s advisory, the flaws could allow arbitrary code execution upon exploit. Reportedly, the flaws include a file extension blacklist bypass (CVE-2019-7838), command injection vulnerability (CVE-2019-7839), and deserialization of untrusted data (CVE-2019-7840).

These vulnerabilities caught Adobe’s attention after different researchers reported them to the vendors. The products affected by these vulnerabilities include ColdFusion 2018 (Update 3 and prior), ColdFusion 2016 (Update 10 and earlier versions), and ColdFusion 11 (Update 18 and before). Adobe has fixed the flaws with the release of ColdFusion 2018 (Update 4), ColdFusion 2016 (Update 11), and ColdFusion 11 (Update 19) respectively.

In another advisory, Adobe confirmed the patch for a critical command injection vulnerability (CVE-2019-7850) in Adobe Campaign Classic. Adobe also released a fix for a critical use after free vulnerability (CVE-2019-7845) affecting Adobe Flash Player. Both these flaws CVE-2019-7850 and CVE-2019-7845 could allow arbitrary code execution upon exploit.

Other Vulnerabilities Affecting Adobe Campaign

Apart from the critical vulnerability, there were also numerous other vulnerabilities in Adobe Campaign, for which, Adobe has released patches. As stated in the advisory, the updates address three important security vulnerabilities and three moderate severity flaws that affected Adobe Campaign Classic versions 18.10.5-8984 and earlier.

The important severity vulnerabilities include insufficient input validation (CVE-2019-7843) and sensitive data in source code (CVE-2019-7849) that could result in information disclosure. Moreover, another important flaw CVE-2019-7847 could result in arbitrary read access to the file system.

Whereas, the three moderate severity flaws include information exposure through an error message (CVE-2019-7941), improper error handling (CVE-2019-7846), and inadequate access control (CVE-2019-7848). All three of these could result in information disclosure upon exploit.

Adobe has fixed all security vulnerabilities with the release of Adobe Campaign version 19.1.1-9026.

Take your time to comment on this article.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!