Michele Damico

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** An uncontrolled resource consumption issue exists that could lead to an application denial-of-service. An attacker can exploit this to exhaust system resources, causing the application to become unavailable. This process does not require any user interaction. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Dell ECS versions 3.8.1.0 through 3.8.1.7 Dell ObjectScale versions prior to 4.3.0.0 **Description** An issue involving the use of hard-coded credentials allows an unauthenticated attacker with local access to potentially gain filesystem access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell PowerProtect Data Domain versions 7.7.1.0 through 8.5 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.50 **Description** The Data Domain Operating System (DD OS) contains a use of weak credentials. An unauthenticated attacker with local access could potentially exploit this issue to gain unauthorized access to the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Framemaker versions prior to 2022.9 **Description** A Heap-based Buffer Overflow exists, which is a condition where a program writes more data to a heap-allocated memory block than it can hold, potentially overwriting adjacent memory. This flaw could lead to memory exposure, allowing an attacker to disclose sensitive information stored in memory. Exploitation requires user interaction, specifically requiring a victim to open a malicious file. **Recommendations** Update to a version newer than 2022.8.

**Name of the Vulnerable Software and Affected Versions** Bridge versions 16.0.2 and earlier Bridge versions 15.1.4 and earlier **Description** A Heap-based Buffer Overflow (a condition where a program writes more data to a heap-allocated memory block than it can hold) could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically that a victim opens a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions prior to 6.5.24, FP11.7 **Description** A DOM-based Cross-Site Scripting (XSS) issue exists where an attacker can manipulate the Document Object Model (DOM) environment to execute malicious JavaScript in the victim's browser. This requires the victim to visit a specially crafted webpage. **Recommendations** Update to a version later than 6.5.24, FP11.7.

**Name of the Vulnerable Software and Affected Versions** Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.5 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 7.13.1.0 through 7.13.1.50 **Description** An exposure of sensitive information to an unauthorized actor exists. A low privileged attacker with remote access could potentially exploit this issue, leading to information exposure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FortiSOAR PaaS versions 7.6.0 through 7.6.3 FortiSOAR PaaS versions 7.5.0 through 7.5.2 FortiSOAR PaaS versions 7.4 FortiSOAR PaaS versions 7.3 FortiSOAR on-premise versions 7.6.0 through 7.6.2 FortiSOAR on-premise versions 7.5.0 through 7.5.1 FortiSOAR on-premise versions 7.4 FortiSOAR on-premise versions 7.3 **Description** A cleartext transmission of sensitive information issue in the graphical user interface of the cybersecurity orchestration and real-time incident response management software may allow an authenticated remote attacker to view user passwords in cleartext. This occurs specifically in responses for Secure Message Exchange and Radius queries when configured. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InDesign Desktop versions 20.5.2 and 21.2 and earlier **Description** A Heap-based Buffer Overflow occurs when a program writes more data to a heap-allocated memory block than it can hold. This issue could result in arbitrary code execution in the context of the current user and requires user interaction, specifically the opening of a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0 Description A high privileged attacker with local access could potentially exploit a vulnerability that results in the generation of error messages containing sensitive information. This could lead to information disclosure. Recommendations Update to a version beyond 9.13.0.0

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Agent Service versions prior to 20.1 Description The Dell PowerProtect Agent Service contains an Incorrect Permission Assignment for Critical Resource issue. A low privileged attacker with local access could potentially exploit this, leading to Information exposure. Recommendations Update to version 20.1 or later.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** A stored Cross-Site Scripting (XSS) issue exists in Adobe Experience Manager. An attacker could inject malicious scripts into vulnerable form fields. Execution of malicious JavaScript may occur in a victim’s browser when browsing a page containing the vulnerable field. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** Adobe Experience Manager versions 6.5.23 and earlier are susceptible to a stored Cross-Site Scripting (XSS) issue. A low-privileged attacker could exploit this to inject malicious scripts into vulnerable form fields. When a user accesses the page containing the vulnerable field, the malicious JavaScript may be executed in their browser. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** A stored Cross-Site Scripting (XSS) issue exists in Adobe Experience Manager. A low-privileged attacker could inject malicious scripts into vulnerable form fields. When a user accesses the page containing the vulnerable field, the malicious JavaScript may be executed in their browser. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** A stored Cross-Site Scripting (XSS) issue exists in Adobe Experience Manager. A low-privileged attacker could inject malicious scripts into vulnerable form fields. Execution of malicious JavaScript may occur in a victim’s browser when browsing a page containing the vulnerable field. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** A stored Cross-Site Scripting (XSS) issue exists in Adobe Experience Manager. An attacker could inject malicious scripts into vulnerable form fields. Execution of malicious JavaScript may occur in a victim’s browser when browsing a page containing the vulnerable field. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** A stored Cross-Site Scripting (XSS) issue exists in Adobe Experience Manager. A low-privileged attacker could exploit this to inject malicious scripts into vulnerable form fields. Execution of malicious JavaScript may occur in a victim’s browser when they access the page containing the vulnerable field. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** A stored Cross-Site Scripting (XSS) issue exists in Adobe Experience Manager. An attacker could inject malicious scripts into vulnerable form fields. When a victim browses to the page containing the vulnerable field, the malicious JavaScript may be executed in their browser. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.

**Name of the Vulnerable Software and Affected Versions** Illustrator versions 29.8.4 and earlier Illustrator version 30.1 **Description** A Heap-based Buffer Overflow vulnerability exists that may allow for arbitrary code execution in the context of the current user. Successful exploitation requires a user to open a malicious file. **Recommendations** Update Illustrator to a version later than 29.8.4. Update Illustrator to a version later than 30.1.

**Name of the Vulnerable Software and Affected Versions** Adobe Experience Manager versions 6.5.23 and earlier **Description** A stored Cross-Site Scripting (XSS) issue exists in Adobe Experience Manager. A low-privileged attacker could exploit this to inject malicious scripts into vulnerable form fields. When a user accesses the page containing the vulnerable field, the malicious JavaScript may be executed in their browser. **Recommendations** Update Adobe Experience Manager to a version later than 6.5.23.