CVE-2020-9724: 
Adobe Lightroom Classic vulnerability analysis and mitigation

Adobe Lightroom versions 9.2.0.10 and earlier were found to contain an insecure library loading vulnerability, identified as CVE-2020-9724. The vulnerability was disclosed on August 19, 2020, affecting Adobe Lightroom Classic software running on Microsoft Windows systems (NVD, Adobe Advisory).

The vulnerability is classified as an Uncontrolled Search Path Element (CWE-427) issue. It received a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

Successful exploitation of this vulnerability could lead to privilege escalation, potentially allowing an attacker to gain elevated access to the affected system. The vulnerability affects the confidentiality, integrity, and availability of the system, with all three aspects rated as High in the CVSS scoring (NVD).

Adobe addressed this vulnerability by releasing security updates for affected versions of Lightroom. Users are advised to update their Adobe Lightroom Classic installations to versions newer than 9.2.0.10 (Adobe Advisory).

Adobe acknowledged the discovery of this vulnerability to Honggang Ren of Fortinet's FortiGuard Labs, who responsibly reported the issue (Adobe Advisory).