Adobe Security Bulletin
Security updates available for Adobe Connect | APSB20-69
Bulletin ID Date Published Priority
APSB20-69 November 10, 2020 3

Summary

Adobe will be releasing security updates for Adobe Connect during the week of November 9, 2020. These updates address reflected cross-site scripting vulnerabilities rated important.  Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.

Affected product versions

Product Version Platform
Adobe Connect 11.0 and earlier versions All

Solution

Adobe categorizes these updates with the following  priority ratings and recommends users update their installation to the newest version:

Product Version Platform Priority Availability
Adobe Connect 11.0.5 All 3 Release note

Note:

Adobe Connect 11.0.5 rolls out in the following phases:

Hosted services:  Upgrades begin on November 1.  See Adobe Connect Downloads and Updates to determine the upgrade date for your account.

On-premise deployments: Will be available from November 13.

Managed services: Contact your Adobe Connect Managed Services (ACMS) representative, or private cloud provider, to schedule an upgrade.

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Number
Reflected cross-site scripting Arbitrary JavaScript execution in the browser Important

CVE-2020-24442

CVE-2020-24443

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Saulius Pranckevicius / Danske Bank Red Team (CVE-2020-24442)
  • Shaun Budding (@pudsec) (CVE-2020-24443)