CERT-In Warns Adobe, IBM WebSphere, And Joomla Users
These vulnerabilities can be exploited by attackers to steal data, deface websites, gain unauthorized access to systems, or even execute malicious code.
Krishna Murthy July 17, 2024
Share on LinkedInShare on Twitter
The Indian Computer Emergency Response Team (CERT-In), a cybersecurity agency operating under the Ministry of Electronics and Information Technology, has sounded the alarm for Adobe users and issued a high-risk warning.
Their latest Vulnerability Note (CIVN-2024-0213) details multiple critical security weaknesses discovered in several Adobe software versions. These vulnerabilities expose users of Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge to significant security risks.
CERT-In classifies the identified vulnerabilities as “HIGH” severity and urges users to act swiftly to safeguard their systems. This includes updating their Adobe software immediately. If left unaddressed, attackers can exploit these vulnerabilities to trigger memory leaks and run unauthorized code on targeted systems. Such attacks can have severe consequences, including stolen data, system crashes, and unauthorized access to sensitive information.
Apart from Adobe Products, CERT-In has also issued critical warnings vulnerability warnings for IBM WebSphere application server and Joomla Content Management System
Understanding the Vulnerabilities
According to CERT-In, several underlying issues are responsible for the vulnerabilities found in Adobe products:
- Integer Overflow or Wraparound: This vulnerability occurs when an arithmetic operation surpasses the maximum capacity of the integer data type used to store the value, leading to unexpected behavior or crashes.
- Heap-based Buffer Overflow: This arises when data surpasses the designated buffer capacity in the heap memory, potentially allowing attackers to execute unauthorized code.
- Out-of-bounds Write and Read: These vulnerabilities occur when software reads or writes data beyond the allocated memory boundaries, leading to data corruption, crashes, or code execution.
- Untrusted Search Path: This vulnerability arises when software searches for resources in untrusted directories, which attackers can exploit to execute malicious code.
Affected Adobe Softwares
The following Adobe software versions are susceptible to these vulnerabilities:
- Adobe Premiere Pro:
- All versions before 24.4.1 for Windows and macOS
- All versions before 23.6.5 for Windows and macOS
- Adobe InDesign:
- All versions before ID19.3 for Windows and macOS
- All versions before ID18.5.2 for Windows and macOS
- Adobe Bridge:
- All versions before 13.0.7 for Windows and macOS
- All versions before 14.1 for Windows and macOS
Security Patch
CERT-In recommends the following actions to mitigate the risks associated with these vulnerabilities:
- Apply the Latest Updates: Install the most recent updates provided by Adobe for the affected software as soon as possible. Keeping software up-to-date is essential to shield systems from known vulnerabilities.
- Regular Update Checks: Enable automatic updates for your Adobe software if available. Otherwise, routinely check for updates and install them promptly.
- Download from Official Sources: Only download software and updates from the official Adobe website or trusted app stores. Avoid downloading from untrusted sources, as they might distribute malicious versions.
- Layered Security: Consider using additional security measures like firewalls, antivirus software, and intrusion detection systems to add an extra layer of protection against potential attacks.
- Regular Backups: Regularly back up important data to minimize the impact of a potential security breach or system failure.
By following these recommendations, users of the affected Adobe software can significantly reduce their risk of falling victim to cyberattacks.
IBM WebSphere Application Server Under Fire
CERT-In has also reported a vulnerability in IBM WebSphere Application Server (CVE-2024-0215) that could allow Remote Code Execution (RCE) attacks. This means attackers could potentially exploit this flaw to execute malicious code on the server, granting them complete control of the system.
According to IBM, “a remote attacker could exploit this vulnerability to execute arbitrary code on the system with a specially crafted sequence of serialized objects.”
The bulletin applies to:
- IBM WebSphere Application Server Traditional V9.0 or earlier versions
- IBM WebSphere Application Server Network Deployment V8.5 or earlier versions
IBM has recommended updating to the following versions to address the vulnerability or fix the pack that contains the APAR PH61489.
- For V9.0.0.0 through 9.0.5.20:
Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH61489
–OR–
· Apply Fix Pack 9.0.5.21 or later (targeted availability 3Q2024). - For V8.5.0.0 through 8.5.5.25:
Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH61489
–OR–
· Apply Fix Pack 8.5.5.26 or later (targeted availability 3Q2024).
Users can find detailed information and download the updates from the official IBM Security Bulletin.
Cross-Site Scripting (XSS) Vulnerabilities in Joomla
A high-risk warning for users of the Joomla Content Management System (CMS) has also been issued by CERT-In. Multiple vulnerabilities classified as “HIGH” severity have been identified in advisory (CIVN-2024-0214), allowing attackers to inject malicious scripts into websites.
These vulnerabilities exist in various components/functions (Custom Fields, wrapper extensions, StringHelper::truncate, fancyselect list field layout, accessiblemedia) of Joomla due to improper input validation.
These vulnerabilities fall under the category of Cross-Site Scripting (XSS), which can be exploited to steal user data, deface websites, or redirect users to phishing sites. Successful exploitation of these vulnerabilities could allow the attacker to conduct cross-site scripting attacks on the targeted system.
Cert-in has suggested users upgrade to Joomla CMS versions 3.10.16-elts, 4.4.6, or 5.1.2. More details have been provided by Joomla in its Security Announcements page.