Hotfix for unauthorized elevated access in RoboHelp Server 11

Ara

Son güncelleme: 15 Haz 2022

Issue

Adobe has released a security hotfix for RoboHelp Server 11 (Update 3), and prior releases. This hotfix resolves a security vulnerability that allows end users with non-administrative privileges to manipulate API requests and elevate their account privileges to that of a server administrator.

For more information about the vulnerability, see Adobe Security bulletin (APSB22-31).

Solution

To resolve this issue, perform the following:

Not:

Before making any changes, ensure to take a backup of the database and the /WEB-INF/classes folder of the installation directory. Also, close any working instances of the RoboHelp Server and the Tomcat server.

Download and extract contents from the below ZIP file.

İndir

Dosyayı alın
security_fixes.zip
Extract the contents of the ZIP file.
The ZIP contains the following updated files:
- WebAdmin.class
- WebAdminGroup.class
- WebAdminReport.class
Navigate to the WEB-INF folder where RoboHelp Server 11 is installed.
The default install location is: C:/Program Files/Adobe/Adobe RoboHelp Server 11
Replace the WebAdmin.class, WebAdminGroup.class, and WebAdminReport.class files under WEB-INF/classes/adobe/robohelp/server/ folder with the updated files extracted in Step 2.
Restart the Tomcat server.