Описание
Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.2.3 (включая)
cpe:2.3:a:adobe:connect:*:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.24933
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-502
Связанные уязвимости
github
больше 3 лет назад
Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.
EPSS
Процентиль: 96%
0.24933
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-502