CVE-2021-28588 — Path Traversal in Adobe Robohelp Server

CWE-22 — Path Traversal5 documents4 sources

Severity

8.8HIGHNVD

EPSS

16.3%

top 5.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Robohelp Server

Timeline

PublishedJun 28

Latest updateMay 24

Description

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5adobe/robohelp_serverunspecified — 2019.0.9+1

▶NVDadobe/robohelp_server2019.0.9

🔴Vulnerability Details

GHSA

GHSA-ghqh-hjhp-p556: Adobe RoboHelp Server version 2019↗2022-05-24

▶

CVEList

Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability↗2021-06-28

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Use-after-free vulnerability in Foxit PDF Reader↗2021-05-06

▶

Talos

Vulnerability Spotlight: Use-after-free vulnerability in Foxit PDF Reader↗2021-05-06

▶