CVE-2020-9668

CWE-284Improper Access Control3 documents3 sources
Severity
7.8HIGH
EPSS
0.9%
top 24.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe GocartAdobe Genuine Service
Timeline
PublishedApr 16
Latest updateMay 24

Description

Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/gocartunspecified6.6+1

🔴Vulnerability Details

2
GHSA
GHSA-3m7c-wp57-w3xx: Adobe Genuine Service version 62022-05-24
CVEList
AGSService program mishandling symbolic links2021-04-16
CVE-2020-9668 (HIGH CVSS 7.8) | Adobe Genuine Service version 6.6 ( | cvebase.io