Bulletin ID
Last updated on
May 16, 2021
|
Also applies to Adobe Connect
Security updates available for Adobe Connect | APSB20-69
|
|
Date Published |
Priority |
|---|---|---|
|
APSB20-69 |
November 10, 2020 |
3 |
Summary
Adobe will be releasing security updates for Adobe Connect during the week of November 9, 2020. These updates address reflected cross-site scripting vulnerabilities rated important. Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Connect |
11.0 and earlier versions |
All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe Connect |
11.0.5 |
All |
3 |
Note:
Adobe Connect 11.0.5 rolls out in the following phases:
Hosted services: Upgrades begin on November 1. See Adobe Connect Downloads and Updates to determine the upgrade date for your account.
On-premise deployments: Will be available from November 13.
Managed services: Contact your Adobe Connect Managed Services (ACMS) representative, or private cloud provider, to schedule an upgrade.
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
Reflected cross-site scripting |
Arbitrary JavaScript execution in the browser |
Important |
CVE-2020-24442 CVE-2020-24443 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Saulius Pranckevicius / Danske Bank Red Team (CVE-2020-24442)
- Shaun Budding (@pudsec) (CVE-2020-24443)