CVE-2021-21085Improper Input Validation in Adobe Connect

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 26.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Connect
Timeline
PublishedMar 12
Latest updateMay 24

Description

Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/connectunspecified11.0.7+1
NVDadobe/connect11.0.7

🔴Vulnerability Details

2
GHSA
GHSA-qc96-38mv-g6cc: Adobe Connect version 112022-05-24
CVEList
Adobe Connect CSV injection via export feature could lead to code execution2021-03-12
CVE-2021-21085 — Improper Input Validation in Adobe | cvebase