Improper Authorization in RoboHelp Server

#VU64301 Improper Authorization in RoboHelp Server

Published: 2022-06-14

Vulnerability identifier: #VU64301

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30670

CWE-ID: CWE-285

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
RoboHelp Server
Server applications / Other server solutions

Vendor: Adobe

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to missing authorization checks. A remote authenticated user can manipulate API requests and elevate their account privileges to that of a server administrator.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RoboHelp Server: 11.0 - 2020.0.7

External links
http://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in RoboHelp Server