Server-Side Request Forgery in Adobe Connect by Adobe
CVE-2017-11291

10CRITICAL

Key Information:

Vendor
Adobe
Status
Adobe Connect 9.6.2 And Earlier Versions
Vendor
CVE Published:
9 December 2017

Summary

A vulnerability affecting Adobe Connect 9.6.2 and earlier versions has been identified, which allows for Server-Side Request Forgery (SSRF) attacks. This can potentially enable malicious actors to bypass network access controls, leading to unauthorized access to sensitive information on the server. Organizations using affected versions should review their security arrangements and implement the necessary updates to mitigate this risk.

Affected Version(s)

Adobe Connect 9.6.2 and earlier Adobe Connect 9.6.2 and earlier versions

References

https://helpx.adobe.com/security/products/connect/apsb17-...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039799
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101838
vdb-entryx_refsource_BID

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.