CVE-2024-20756

CWE-787 — Out-of-bounds Write CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGH

EPSS

1.9%

top 16.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Bridge

Timeline

PublishedMar 18

Latest updateDec 16

Description

Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDadobe/bridge14.0.0 — 14.0.2+1

▶CVEListV5adobe/bridge14.0.1

🔴Vulnerability Details

GHSA

MinIO vulnerable to privilege escalation in IAM import API↗2024-12-16

▶

CVEList

Adobe Bridge 2024 Out of Bound Write Remote Code Execution Vulnerability↗2024-03-18

▶

GHSA

GHSA-5397-vmv2-vf75: Bridge versions 13↗2024-03-18

▶