Multiple vulnerabilities in Adobe Connect

Published: 2018-03-13 23:48:15
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
CVE ID: CVE-2018-4921, CVE-2018-4923
CVSSv3:
  5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
  4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID: CWE-434, CWE-20
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: Adobe Connect
Vulnerable software versions: Adobe Connect 9.7, Adobe Connect 9.6.2, Adobe Connect 9.6.1
Vendor URL: Adobe

Security Advisory

1) Dangerous file upload

Description

The vulnerability allows a remote attacker to upload .swf files.

The vulnerability exists due to insufficient input validation when processing file uploads. A remote attacker can upload a specially crafted .swf file and gain access to potentially sensitive information.

Remediation

Update to version 9.7.5.

External links

https://helpx.adobe.com//security/products/connect/apsb18-06.html

2) Improper input validation

Description

The vulnerability allows a remote attacker to delete arbitrary files on the system.

The vulnerability exists due to an input validation error when processing a URI. A remote attacker can remove arbitrary files on the system or force the uninstallation of the application.

Remediation

Update to version 9.7.5.

External links

https://helpx.adobe.com//security/products/connect/apsb18-06.html
