Adobe Security Bulletin

Security updates available for Adobe Connect | APSB20-69

Bulletin ID	Date Published	Priority
APSB20-69	November 10, 2020	3

Adobe will be releasing security updates for Adobe Connect during the week of November 9, 2020. These updates address reflected cross-site scripting vulnerabilities rated important. Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.

Product	Version	Platform
Adobe Connect	11.0 and earlier versions	All

Adobe categorizes these updates with the following  priority ratings and recommends users update their installation to the newest version:

Product	Version	Platform	Priority	Availability
Adobe Connect	11.0.5	All	3	Release note

Note:

Adobe Connect 11.0.5 rolls out in the following phases:

Hosted services: Upgrades begin on November 1. See Adobe Connect Downloads and Updates to determine the upgrade date for your account.

On-premise deployments: Will be available from November 13.

Managed services: Contact your Adobe Connect Managed Services (ACMS) representative, or private cloud provider, to schedule an upgrade.

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Reflected cross-site scripting

Arbitrary JavaScript execution in the browser

Important

CVE-2020-24442

CVE-2020-24443

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

Saulius Pranckevicius / Danske Bank Red Team (CVE-2020-24442)
Shaun Budding (@pudsec) (CVE-2020-24443)

Adobe Security Bulletin

Summary

Affected product versions

Solution

Vulnerability details

Acknowledgments

Ask the Community

Contact Us