Adobe Security Bulletin
Security updates available for Adobe Connect | APSB21-19
Bulletin ID Date Published Priority
APSB21-19 March 09, 2021 3

Summary

Adobe has released a security update for Adobe Connect.  This update resolves a critical and an important vulnerability. Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.              

Affected product versions

Product Version Platform
Adobe Connect 11.0.5 and earlier versions            
All

Solution

Adobe categorizes these updates with the following  priority ratings and recommends users update their installation to the newest version:

Product Version Platform Priority Availability
Adobe Connect 11.2 
All 3 Release note

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Number
Improper Input Validation  Arbitrary code execution Critical
CVE-2021-21085

 

Reflected cross-site scripting

 

Arbitrary JavaScript execution in the browser

 

Important

CVE-2021-21079

CVE-2021-21080

CVE-2021-21081

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Lemonoftroy (CVE-2021-21079)   
  • kickass (janthraper)(CVE-2021-21085) 
  • Muhammed Ahmed (elpast) (CVE-2021-21080, CVE-2021-21081)  

Revisions

March 09, 2021: Updated CVE id from CVE-2021-21078 to CVE-2021-21085