CVE-2022-28830: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe Framemaker versions 2019u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability. The vulnerability was assigned CVE-2022-28830 and was disclosed on May 10, 2022. This security issue affects Adobe's Framemaker document processing software (NVD Database, CVE Mitre).

The vulnerability is classified as an out-of-bounds read (CWE-125) that could potentially expose sensitive memory information. The CVSS v3.1 base score is 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. Under CVSS v2.0, it received a base score of 4.3 (Medium) with a vector string of (AV:N/AC:M/Au:N/C:P/I:N/A:N) (NVD Database).

The vulnerability could lead to the disclosure of sensitive memory information. More significantly, an attacker could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR) (NVD Database).

Adobe has addressed this vulnerability in their security update. Users of affected versions (Framemaker 2019u8 and earlier, and 2020u4 and earlier) should update to the latest version as detailed in Adobe's security bulletin (Adobe Advisory).