CVE-2021-28579Improper Access Control in Adobe Connect

CWE-284Improper Access ControlCWE-269Improper Privilege Management3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 54.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Connect
Timeline
PublishedJun 28
Latest updateMay 24

Description

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDadobe/connect< 11.2.2
CVEListV5adobe/connectunspecified11.2.1+1

🔴Vulnerability Details

2
GHSA
GHSA-c924-xxqf-59v3: Adobe Connect version 112022-05-24
CVEList
Adobe Connect improper access control could lead to privilege escalation2021-06-28
CVE-2021-28579 — Improper Access Control in Adobe | cvebase