Improper input validation in Adobe Campaign - CVE-2017-2989
Published: April 11, 2017 / Updated: April 11, 2017
Vulnerability identifier: #VU6194
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-2989
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe Campaign
Adobe Campaign
Detailed vulnerability description
The vulnerability allows a remote attacker to read, write or delete data on the target system.
The weakness exists due to improper input validation. A remote attacker can create a specially crafted file, trick the victim into opening it and read, write or delete data from the Campaign database.
Successful exploitation of the vulnerability results in compromise vulnerable system.
The weakness exists due to improper input validation. A remote attacker can create a specially crafted file, trick the victim into opening it and read, write or delete data from the Campaign database.
Successful exploitation of the vulnerability results in compromise vulnerable system.
How to mitigate CVE-2017-2989
Update to version 6.11 Build 8795.