Adobe Security Bulletin

Security updates available for Adobe Connect | APSB20-69

Bulletin ID

Date Published

Priority

APSB20-69

November 10, 2020

3

Summary

Adobe will be releasing security updates for Adobe Connect during the week of November 9, 2020. These updates address reflected cross-site scripting vulnerabilities rated important.  Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.

Affected product versions

Product

Version

Platform

Adobe Connect

11.0 and earlier versions

All

Solution

Adobe categorizes these updates with the following  priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability

Adobe Connect

11.0.5

All

3

Note:

Adobe Connect 11.0.5 rolls out in the following phases:

Hosted services:  Upgrades begin on November 1.  See Adobe Connect Downloads and Updates to determine the upgrade date for your account.

On-premise deployments: Will be available from November 13.

Managed services: Contact your Adobe Connect Managed Services (ACMS) representative, or private cloud provider, to schedule an upgrade.

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Reflected cross-site scripting

Arbitrary JavaScript execution in the browser

Important

CVE-2020-24442

CVE-2020-24443

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Saulius Pranckevicius / Danske Bank Red Team (CVE-2020-24442)
  • Shaun Budding (@pudsec) (CVE-2020-24443)