OS Command Injection Vulnerability in Adobe Connect by Adobe
CVE-2018-4923

9.1CRITICAL

Key Information:

Vendor
Adobe
Status
Adobe Connect 9.7 And Earlier
Vendor
CVE Published:
19 May 2018

Summary

Adobe Connect versions 9.7 and earlier are susceptible to an OS Command Injection vulnerability which allows attackers to execute arbitrary commands on the server. This exploitation can lead to unauthorized file deletion, posing a significant risk to the integrity of data hosted on the platform. Organizations using affected versions should prioritize updating their software to mitigate potential risks.

Affected Version(s)

Adobe Connect 9.7 and earlier Adobe Connect 9.7 and earlier

References

http://www.securitytracker.com/id/1040523
vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/connect/apsb18-...
x_refsource_MISC
http://www.securityfocus.com/bid/103391
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.