Adobe Framemaker Users Beware of New Authentication Bypass Vulnerability

CVECVE-2024-20738
CVSScvssV3_1: 9.8
SourceCVE-2024-20738

Adobe Framemaker, a desktop publishing and page layout software, has been found to have a serious security issue that could allow hackers unauthorized access.

The vulnerability (tracked as CVE-2024-20738) is an improper authentication flaw that exists in versions 2022.1 and earlier of Framemaker. This means attackers can bypass the software’s login mechanisms without needing a valid username and password.

Once bypassing authentication, hackers would have full control over a targeted Framemaker installation. They could then install malware, view or steal files, or carry out other malicious actions the user has permission for. Worryingly, exploiting this flaw does not require any user interaction, making attacks very hard to detect and prevent.

If you use Adobe Framemaker on your computer, it is strongly recommended to update to the latest version right away. Version 2022.2 and above have fixes for this authentication bypass vulnerability. You should also use a robust antivirus program and only download software from official and trusted sources. Being vigilant about application and system updates can help keep cybercriminals out of your devices and private information safe.

References