CVE-2021-36061

EPSS 0.97%
Published 01.09.2021 15:15:11
Last modified 21.11.2024 06:13:03
Source psirt@adobe.com
Teams watchlist Login
Open Login

Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Connect Version <= 11.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.97%	0.745

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
psirt@adobe.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CWE-657 Violation of Secure Design Principles

The product violates well-established principles for secure design.

https://helpx.adobe.com/security/products/connect/apsb21-66.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-36061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-36061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-36061

EUVD