CVE-2024-45136

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 9, 2024

Updated: Oct 18, 2024

CWE ID 434

Summary

CVE-2024-45136 is a newly identified vulnerability that affects Adobe InCopy versions 19.4 and 18.5.3 and older. This issue involves an Unrestricted File Upload with Dangerous Type, allowing attackers to upload malicious files that can be executed on the server. By exploiting this vulnerability, an attacker can potentially gain arbitrary code execution, leading to serious security consequences. User interaction is required to exploit the issue, making it a potential threat to organizations that use InCopy for content creation and collaboration.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe InCopy

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/x9mV6G
https://www.cve.org/CVERecord?id=CVE-2024-45136
https://nvd.nist.gov/vuln/detail/CVE-2024-45136

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners