#VU55735 Security features bypass in Adobe Connect


Published: 2021-08-10

Vulnerability identifier: #VU55735

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36061

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adobe Connect
Client/Desktop applications / Other client software

Vendor: Adobe

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to violation of secure design principles issue. A remote attacker can bypass security features on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Adobe Connect: 11.2 - 11.2.2

External links
http://helpx.adobe.com/security/products/connect/apsb21-66.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Adobe Connect