CVE-2020-24441

Published: Nov 12, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application.

Affected (1)

Products: Adobe: Acrobat Reader

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Acrobat Reader	Up to 20.6.2

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://helpx.adobe.com/security/products/reader-mobile/apsb20-71.html

Source: psirt@adobe.com

PatchVendor Advisory

https://helpx.adobe.com/security/products/reader-mobile/apsb20-71.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.