← volver
CVE-2021-21085

Adobe Connect CSV injection via export feature could lead to code execution

CVSS 7.8 HIGHEPSS 3.7%CWE-20
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS 3.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 mar 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Productos afectados
Adobe · Connect

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://helpx.adobe.com/security/products/connect/apsb21-19.html