Adobe Tuesday released security updates that address three security issues affecting its ColdFusion, LiveCycle DS, and Premiere Clip 9 products.
The ColdFusion vulnerabilty affected versions 11 and 10 of the product. “This hotfix resolves two input validation issues that could be used in reflected cross-site scripting attacks.” The update also resolves a vulnerability that allowed server-side request forgery.
The LiveCycle DS update addresses a server-side request forgery vulnerability, and affects versions 4.7, 4.6.2, 4.5, 3.1, and 3.0.x of the product on the Windows, Macintosh and Unix operating systems.
The update for Premiere Clip resolves an input validation issue in the mobile application. The issue affected iOS version 1.1.1 and earlier versions.
The security vulnerabilities discovered in the ColdFusion and LiveCycle DS products were assigned a priority rating of 2, while Adobe assigned the Premiere Clip security issue a level 3 priority rating.
Adobe was not aware of any exploits of any of the vulnerabilities, the company said in a security bulletin, crediting James Kettle of PortSwigger Web Security, Fortinet’s FortiGuard Labs, and the Vulnerability Laboratory Research Team with reporting the vulnerabilities.