Lucene search

AdobeCVELIST:CVE-2024-30299

HistoryJun 13, 2024 - 11:24 a.m.

CVE-2024-30299 Tenable Vulnerability Disclosure | API Auth Bypass

2024-06-1311:24:31

CWE-287

adobe

www.cve.org

cve-2024-30299

tenable

vulnerability

disclosure

adobe framemaker

publishing server

improper authentication

privilege escalation

unauthorized access

elevated privileges

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Adobe Framemaker Publishing Server",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2022.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/framemaker-publishing-server/apsb24-38.html

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2024-30299