CVE-2023-44324

Severity
9.8 CRITICAL
EPSS
0.2%
top 55.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 17

Description

Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak the default admin's password. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

Vulnerability Details: 2
CVEList
ZDI-CAN-21344: Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability (2023-11-17)
GHSA
GHSA-6wwh-cvh6-jmg9: Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass (2023-11-17)
CVE-2023-44324 (CRITICAL CVSS 9.8) | Adobe FrameMaker Publishing Server | cvebase.io