Two vulnerabilities in Adobe Campaign



Published: 2017-02-14
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2017-2969, CVE-2017-2968
CWE-ID: CWE-79, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Adobe Campaign
Server applications / Other server solutions

Vendor: Adobe

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU5822

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2969

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient input validation. A remote attacker can launch a cross-site scripting attack against users of the vulnerable application.

Mitigation

Install the latest version, Adobe Campaign v6.11 16.8 Build 8757.

Vulnerable software versions

Adobe Campaign: 15.9 - 16.4-8724

External links

http://helpx.adobe.com/security/products/campaign/apsb17-06.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU5821

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2968

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges.

The vulnerability exists due to an unknown error in Adobe Campaign. A remote authenticated user with access to the client console can obtain read and write privileges to the system.


Mitigation

Install the latest version, Adobe Campaign v6.11 16.8 Build 8757.

Vulnerable software versions

Adobe Campaign: 15.9 - 16.4-8724

External links

http://helpx.adobe.com/security/products/campaign/apsb17-06.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


