Bulletin ID
Security Updates Available for Adobe FrameMaker Publishing Server | APSB24-38
|  | Date Published | Priority | 
|---|---|---|
| APSB24-38 | June 11, 2024  | 3 | 
Summary
Adobe has released a security update for Adobe FrameMaker Publishing Server.  This update addresses critical vulnerabilities. Successful exploitation could lead to privilege escalation.
Affected Versions
| Product | Version | Platform | 
|---|---|---|
| Adobe FrameMaker Publishing Server | Version 2022.2 and earlier versions 
 Version 2020 Update 3 and earlier versions | 
 Windows | 
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability | 
|---|---|---|---|---|
| Adobe FrameMaker Publishing Server | Version 2022.3 
 | 
 Windows | 
 3 | 
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score  | CVE Numbers | |
|---|---|---|---|---|---|
| Improper Authentication (CWE-287) | Privilege escalation | Critical | 10 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | CVE-2024-30299 | 
| Information Exposure (CWE-200) | Privilege escalation | Critical | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CVE-2024-30300 | 
Acknowledgments
Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers:
- James Sebree -- CVE-2024-30299, CVE-2024-30300
 
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com