CVE-2024-30299

2024-06-1312:15:09

CWE-287

[email protected]

web.nvd.nist.gov

adobe; framemaker publishing server; improper authentication; unauthorized access; privilege escalation; exploitation; cve-2024-30299

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.

Affected configurations

Vulners

Node

adobeframemaker_publishing_serverRange≤2022.2

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Adobe Framemaker Publishing Server",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2022.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]