Adobe’s July 2019 Patch Tuesday included updates for its Adobe Bridge CC , Adobe Experience Manager and Adobe Dreamweaver products.
The updates for Experience Manager patched three vulnerabilities, while Bridge and Dreamweaver updates each have one, none of which are labeled as “critical,” and the highest rated vulnerability for each software is rated “important,” according to a July 9 Security Bulletin.
"Experience Manager resolved three vulnerabilities including one Moderate and two Important," Chris Goettl, Ivanti's director of product management, security, told SC Media. "Flash Player did not include CVEs by the looks of it."
The Adobe Bridge CC update addresses a vulnerability rated “important” that occurs when parsing malformed SVG images and can result in an out-of-bounds memory read which leads to information (memory address) disclosure in the context of current user.
The Adobe Experience Manager updates include one reflected cross-site scripting vulnerability rated “moderate,” one stored cross-site scripting vulnerability rated “important,” and one cross-site request forgery vulnerability rated “Important” that could result in sensitive information disclosure.
The Adobe Dreamweaver updates address an insecure library loading vulnerability in the installer rated “important” that could lead to privilege escalation.