Adobe Framemaker Publishing Server Vulnerable to Improper Authentication Attacks
CVE-2024-30299

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Framemaker Publishing Server
Vendor: CVE Published:; 13 June 2024

Summary

Adobe Framemaker Publishing Server versions 2020.3, 2022.2, and earlier are vulnerable to an Improper Authentication issue that permits attackers to exploit the application for privilege escalation. This vulnerability allows unauthorized access to sensitive areas of the application, enabling attackers to gain elevated privileges without requiring user interaction. It is crucial for organizations using affected versions to apply the necessary security updates and patches to mitigate potential risks.

Affected Version(s)

Adobe Framemaker Publishing Server 0 <= 2022.2

References

https://helpx.adobe.com/security/products/framemaker-publ...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Mar 26, 2024

Collectors

NVD DatabaseMitre Database