← voltar
CVE-2021-21085

Adobe Connect CSV injection via export feature could lead to code execution

CVSS 7.8 HIGHEPSS 3.7%CWE-20
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.8EPSS 3.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 mar 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
Adobe · Connect

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://helpx.adobe.com/security/products/connect/apsb21-19.html