Security hotfix available for RoboHelp Server | APSB23-53

Bulletin ID | Date Published | Priority |
---|---|---|
APSB23-53 | November 14, 2023 | 3 |
Summary
Affected Versions
Product | Affected version | Platform |
---|---|---|
RoboHelp Server | RHS 11.4 and earlier versions | Windows |
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
Product | Version | Platform | Priority rating | Availability |
---|---|---|---|---|
RoboHelp Server | RHS 11 Update 5 (11.5) | Windows | 3 | |
Vulnerability Details
Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
---|---|---|---|---|---|
Information Exposure (CWE-200) | Memory leak | Critical | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CVE-2023-22272 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | Arbitrary code execution | Critical | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CVE-2023-22273 |
Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) | Memory leak | Critical | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L | CVE-2023-22274 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | Memory leak | Critical | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CVE-2023-22275 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | Memory leak | Important | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | CVE-2023-22268 |
Acknowledgments
Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:
- Anonymous working with Trend Micro Zero Day Initiative - CVE-2023-22272, CVE-2023-22273, CVE-2023-22274, CVE-2023-22275, CVE-2023-22268
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.