Bulletin ID
Last updated on
17 May 2021
|
Also applies to Adobe Connect
Security updates available for Adobe Connect | APSB18-06
|
|
Date Published |
Priority |
|---|---|---|
|
APSB18-06 |
March 13, 2018 |
3 |
Summary
Adobe has released a security update for Adobe Connect. This update resolves an unrestricted SWF file upload vulnerability (CVE-2018-4921), which could be exploited to conduct cross-site scripting attacks. This update also resolves an OS command injection vulnerability in the Adobe Connect URI handler on Windows (CVE-2018-4923) that could result in unintended arbitrary local file removal or forced uninstall of the application.
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Connect |
9.7 and earlier |
All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe Connect |
9.7.5 |
All |
3 |
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
OS Command Injection |
Arbitrary file deletion |
Important |
CVE-2018-4923 |
|
Unrestricted SWF File Upload |
Information disclosure |
Important |
CVE-2018-4921 |
Acknowledgments
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Ciaran McNally (CVE-2018-4921)
- Rgod (CVE-2018-4923)
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online