CVE-2021-28579

Published: Jun 28, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: psirt@adobe.com (Secondary)

Description

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.

Affected (1)

Products: Adobe: Connect

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Connect	Before 11.2.2

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://helpx.adobe.com/security/products/connect/apsb21-36.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/connect/apsb21-36.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.