ZDI-CAN-21344: Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability
CVE-2023-44324

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Framemaker Publishing Server
Vendor: CVE Published:; 17 November 2023

Summary

Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction.

Affected Version(s)

Adobe Framemaker Publishing Server 0

References

https://helpx.adobe.com/security/products/framemaker-publ...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2023
Vulnerability Reserved
Sep 28, 2023

Collectors

NVD DatabaseMitre Database