← back
CVE-2021-28579

Adobe Connect improper access control could lead to privilege escalation

CVSS 4.3 MEDIUMEPSS 1.1%CWE-284
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jun 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Adobe · Connect

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://helpx.adobe.com/security/products/connect/apsb21-36.html