CVE-2020-24441Improper Access Control in Adobe Acrobat Reader

CWE-284Improper Access Control3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.8%
top 26.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Acrobat Reader
Timeline
PublishedNov 12
Latest updateMay 24

Description

Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/acrobat_readerunspecified20.6.2+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-qfq6-38xq-622r: Adobe Acrobat Reader for Android version 202022-05-24
CVEList
Improper Access Control in Adobe Acrobat Reader for Android2020-11-12
CVE-2020-24441 — Improper Access Control in Adobe | cvebase