Matt Molinyawe

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling the `ANSendForSharedReview` function until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the vulnerable JavaScript API to minimize the risk of exploitation. For Adobe Reader, avoid using the JavaScript API in the affected versions until the issue is resolved. For Adobe Reader Document Cloud, consider applying configuration changes to limit the execution of JavaScript code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in the ANAuthenticateResource method, which can be exploited by a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the ANAuthenticateResource method to minimize the risk of exploitation. For Adobe Reader, avoid using the JavaScript API in sensitive environments until the issue is resolved. For Adobe Reader Document Cloud, limit the use of the ANAuthenticateResource method to necessary operations only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to sensitive functions to minimize the risk of exploitation. For Adobe Reader, avoid using the `ANSendForBrowserReview` function in affected API endpoints until the issue is resolved. For Adobe Reader Document Cloud, limit the use of JavaScript API to prevent bypassing restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the ANShareFile2 method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the ANShareFile2 method issue. For Adobe Acrobat Document Cloud, update to a version that addresses the ANShareFile2 method issue. For Adobe Reader, update to a version that addresses the ANShareFile2 method issue. For Adobe Reader Document Cloud, update to a version that addresses the ANShareFile2 method issue. As a temporary workaround, consider disabling the `ANShareFile2` method until a patch is available. Restrict access to the JavaScript API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Reader versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in the CBAutoConfigCommentRepository method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBAutoConfigCommentRepository method issue. For Adobe Acrobat Reader, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the CBAutoConfigCommentRepository method until a fix is released. For Adobe Reader, avoid using the affected JavaScript API until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the `CBAutoConfigCommentRepository` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in the ANSendForFormDistribution method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling the `ANSendForFormDistribution` method until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the affected JavaScript API to minimize the risk of exploitation. For Adobe Reader, avoid using the JavaScript API in the affected versions until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider restricting the use of the `ANSendForFormDistribution` method until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the DynamicAnnotStore method of Adobe PDF editing and viewing software. This can be exploited by a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the DynamicAnnotStore method issue. For Adobe Acrobat Document Cloud, restrict access to the DynamicAnnotStore method until a patch is available. For Adobe Reader, consider disabling JavaScript execution in Adobe Reader until the issue is resolved. For Adobe Reader Document Cloud, avoid using the DynamicAnnotStore method in Adobe Reader Document Cloud until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the CBSharedReviewIfOfflineDialog method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBSharedReviewIfOfflineDialog method issue. For Adobe Acrobat Document Cloud, restrict access to the CBSharedReviewIfOfflineDialog method until a patch is available. For Adobe Reader, consider disabling JavaScript execution in Adobe Reader until the issue is resolved. For Adobe Reader Document Cloud, avoid using the CBSharedReviewIfOfflineDialog method in Adobe Reader Document Cloud until a fix is provided. As a temporary workaround, consider restricting access to JavaScript API execution in Adobe Acrobat and Adobe Reader to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the CBSharedReviewCloseDialog method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can be exploited by a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBSharedReviewCloseDialog method issue. For Adobe Acrobat Document Cloud, consider restricting access to the CBSharedReviewCloseDialog method until a patch is available. For Adobe Reader, avoid using the JavaScript API in the affected CBSharedReviewCloseDialog method until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the execution of JavaScript in the CBSharedReviewCloseDialog method until a fix is provided.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to sensitive functions to minimize the risk of exploitation. For Adobe Reader, avoid using the `ANRunSharedReviewEmailStep` function in the affected API endpoint until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the execution of JavaScript code in PDF files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the CBSharedReviewSecurityDialog method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBSharedReviewSecurityDialog method issue. For Adobe Acrobat Document Cloud, consider restricting access to the CBSharedReviewSecurityDialog method until a patch is available. For Adobe Reader, avoid using the JavaScript API in the affected CBSharedReviewSecurityDialog method until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the execution of JavaScript in the CBSharedReviewSecurityDialog method until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the CBSharedReviewStatusDialog method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can be exploited by a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBSharedReviewStatusDialog method issue. For Adobe Acrobat Document Cloud, restrict access to the CBSharedReviewStatusDialog method until a patch is available. For Adobe Reader, avoid using the JavaScript API in the affected CBSharedReviewStatusDialog method until the issue is resolved. For Adobe Reader Document Cloud, consider disabling the CBSharedReviewStatusDialog method as a temporary workaround until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the ANTrustPropagateAll method issue. For Adobe Acrobat Document Cloud, restrict access to JavaScript API until a patch is available. For Adobe Reader, consider disabling JavaScript execution in affected versions until a fix is provided. For Adobe Reader Document Cloud, avoid using the vulnerable JavaScript API in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the `ANSendForApproval` function to minimize the risk of exploitation. For Adobe Reader, avoid using the JavaScript API in affected versions until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the execution of JavaScript code until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Log and Event Manager (LEM) (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary commands on managed computers. This is achieved via a request to the "services/messagebroker/nonsecurestreamingamf" endpoint, involving the traceroute functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Storage Manager versions prior to 6.2 **Description** The issue is related to insufficient input validation in the ProcessFileUpload.jsp component of SolarWinds Storage Manager, allowing remote attackers to upload and execute arbitrary files. **Recommendations** For versions prior to 6.2, update to version 6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ProcessFileUpload.jsp component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accelerite Radia Client Automation versions prior to 9.1 **Description** The issue is related to insufficient access control for certain functions in the Radia Client Automation program. It allows a remote attacker to execute arbitrary code by sending specific commands in an environment lacking proper firewalling. **Recommendations** For versions prior to 9.1, update to version 9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 9 **Description** The issue is related to improper access to objects in memory, which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the current user. This can be triggered by visiting a crafted web site. **Recommendations** For Microsoft Internet Explorer version 9, apply the necessary patch to fix the memory corruption issue. As a temporary workaround, consider restricting access to potentially malicious web sites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause a memory error and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause a memory error and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.