CVE-2023-22274: XML External Entity (XXE) Injection in Adobe RoboHelp

Severity
7.5 HIGH (NVD)
EPSS
0.2%
top 55.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 17

Description

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: adobe/robohelp, RHS 11.4

Vulnerability Details (2)

GHSA
GHSA-3hmg-cm34-vrf6: Adobe RoboHelp Server versions 11 (2023-11-17)
CVEList
ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability (2023-11-17)