Bulletin ID
Security update available for Adobe Connect | APSB21-91
|
Date Published |
Priority |
---|---|---|
APSB21-91 |
October 12, 2021 |
2 |
Summary
Affected product versions
Product |
Version |
Platform |
---|---|---|
Adobe Connect |
11.2.3 and earlier versions |
All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version.
Product |
Version |
Platform |
Priority |
Availability |
---|---|---|---|---|
Adobe Connect |
11.3 |
All |
2 |
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
---|---|---|---|---|---|
Deserialization of Untrusted Data (CWE-502) |
Arbitrary code execution |
Critical |
9.8 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-40719 |
Cross-site Scripting (Reflected XSS) (CWE-79) |
Arbitrary code execution |
Important |
6.1 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVE-2021-40721 |
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
Cyku (CVE-2021-40719)
celesian (CVE-2021-40721)
Revisions
October 27th, 2021: updated affected/fix versions
January 27th, 2022: Updated CVSS details for CVE-2021-40721
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.