Bulletin ID
Last updated on
20 Mar 2024
Security Updates Available for Adobe FrameMaker Publishing Server | APSB24-10
|
|
Date Published |
Priority |
|---|---|---|
|
APSB24-10 |
February 13, 2024 |
3 |
Summary
Adobe has released a security update for Adobe FrameMaker Publishing Server. This update addresses a critical vulnerability. Successful exploitation could lead to security feature bypass.
Affected Versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe FrameMaker Publishing Server |
Version 2022 Update 1 and earlier versions
Version 2020 Update 2 and earlier versions |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe FrameMaker Publishing Server |
Version 2022.2
|
Windows |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Improper Authentication (CWE-287) |
Security feature bypass |
Critical |
9.8 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2024-20738 |
Acknowledgments
Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers:
- Tenable Research -- CVE-2024-20738
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com