Headline
CVE-2023-44324: Adobe Security Bulletin
Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin’s password. Exploitation of this issue does not require user interaction.
Security Updates Available for Adobe FrameMaker Publishing Server | APSB23-58
Bulletin ID
Date Published
Priority
APSB23-58
November 14, 2023
3
Summary
Adobe has released a security update for Adobe FrameMaker Publishing Server. This update addresses a critical vulnerability. Successful exploitation could lead to security feature bypass.
Affected Versions
Product
Version
Platform
Adobe FrameMaker Publishing Server
Version - 2022 and earlier versions
Windows
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product
Version
Platform
Priority
Availability
Adobe FrameMaker Publishing Server
Version 2022 Update 1
Windows
3
Tech note
Vulnerability Details
Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVSS vector
CVE Numbers
Improper Access Control (CWE-284)
Security feature bypass
Critical
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-44324
Acknowledgments
Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers:
- Anonymous working with Trend Micro Zero Day Initiative – CVE-2023-44324
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email [email protected]