CVE-2020-24441

Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application.

Published: Nov 12, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-24441
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / acrobat_reader	-	20.6.2.x

https://helpx.adobe.com/security/products/reader-mobile/apsb20-71.html

Vulnerability Database

289,697

CVE-2020-24441