Bulletin ID
Last updated on
Feb 5, 2024
Security Updates Available for Adobe FrameMaker Publishing Server | APSB23-58
|
|
Date Published |
Priority |
|---|---|---|
|
APSB23-58 |
November 14, 2023 |
3 |
Summary
Adobe has released a security update for Adobe FrameMaker Publishing Server. This update addresses a critical vulnerability. Successful exploitation could lead to security feature bypass.
Affected Versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe FrameMaker Publishing Server |
Version - 2022 and earlier versions |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe FrameMaker Publishing Server |
Version 2022 Update 1 |
Windows |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Improper Access Control (CWE-284) |
Security feature bypass |
Critical |
9.8 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2023-44324 |
Acknowledgments
Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers:
- Anonymous working with Trend Micro Zero Day Initiative -- CVE-2023-44324
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com