CVE-2024-20738 — Improper Authentication in Adobe Framemaker Publishing Server

CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 56.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Framemaker Publishing Server Adobe Framemaker Publishing Server

Timeline

PublishedFeb 15

Description

Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDadobe/framemaker_publishing_server< 2022+1

▶CVEListV5adobe/adobe_framemaker_publishing_server2022.1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-xfgj-9gc9-r597: Adobe Framemaker versions 2022↗2024-02-15

▶

CVEList

Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability | CVE-2023-44324 bypass↗2024-02-15

▶