Bulletin ID
Last updated on
16 May 2021
|
Also applies to Adobe Connect
Security updates available for Adobe Connect | APSB17-22
|
|
Date Published |
Priority |
|---|---|---|
|
APSB17-22 |
July 11, 2017 |
3 |
Summary
Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101).
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Connect |
9.6.1 and earlier |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe Connect |
9.6.2 |
Windows |
3 |
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
User Interface (UI) Misrepresentation of Critical Information |
Clickjacking attacks |
Moderate |
CVE-2017-3101 |
|
Improper Neutralization of Input During Web Page Generation |
Cross-site scripting attacks |
Important |
CVE-2017-3102 |
|
Improper Neutralization of Input During Web Page Generation |
Cross-site scripting attacks |
Important |
CVE-2017-3103 |
Acknowledgments
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Anas Roubi (CVE-2017-3101)
- Adam Willard of Blue Canopy (CVE-2017-3102)
- Alexis Laborier (CVE-2017-3103)
Revisions
20 July, 2017: Updated acknowledgement for CVE-2017-3102 to Blue Canopy.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online