Patch/Configuration Management, Vulnerability Management

Adobe offers up a light Patch Tuesday for April

Adobe issued a mild batch of Patch Tuesday security update for April covering three products with all vulnerabilities being rated as important.

ColdFusion 2016 and 2018 received patches for CVE-2020-3767, an insufficient input validation issue that can lead to an application-level DoS situation;  CVE-2020-3768 is a DLL search-order hijacking problem that can lead to Privilege escalation and CVE-2020-3796 is an improper access control issue potentially leading to a system file structure disclosure.

The update for Adobe After Effects version 17.0.6 for Windows and macOS saw CVE-2020-3809 being issued to fix an out-of-bounds read vulnerability that if exploited could lead to information disclosure.

Adobe Digital Editions version 4.5.11.187212 and below for Windows received CVE-2020-3798 for a file enumeration at the host or local network level that could lead to information disclosure.

None of the ColdFusion, Adobe After Affects or Adobe Digital Editions vulnerabilities are being exploited in the wild and patches have been issued for all the vulnerabilities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.