AGSService program mishandling symbolic links
CVE-2020-9668

7.8HIGH

Key Information:

Vendor: Adobe
Status: Gocart
Vendor: CVE Published:; 16 April 2021

What is CVE-2020-9668?

Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.

Affected Version(s)

GoCart <= 6.6

GoCart <= unspecified

References

https://helpx.adobe.com/security/products/integrity_servi...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2021
Vulnerability Reserved
Mar 2, 2020