Bulletin ID
Security updates available for Adobe Connect | APSB17-22
|
Date Published |
Priority |
---|---|---|
APSB17-22 |
July 11, 2017 |
3 |
Summary
Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101).
Affected product versions
Product |
Version |
Platform |
---|---|---|
Adobe Connect |
9.6.1 and earlier |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
---|---|---|---|---|
Adobe Connect |
9.6.2 |
Windows |
3 |
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
---|---|---|---|
User Interface (UI) Misrepresentation of Critical Information |
Clickjacking attacks |
Moderate |
CVE-2017-3101 |
Improper Neutralization of Input During Web Page Generation |
Cross-site scripting attacks |
Important |
CVE-2017-3102 |
Improper Neutralization of Input During Web Page Generation |
Cross-site scripting attacks |
Important |
CVE-2017-3103 |
Acknowledgments
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Anas Roubi (CVE-2017-3101)
- Adam Willard of Blue Canopy (CVE-2017-3102)
- Alexis Laborier (CVE-2017-3103)
Revisions
20 July, 2017: Updated acknowledgement for CVE-2017-3102 to Blue Canopy.