Vulnerabilities > CVE-2021-28588 - Unspecified vulnerability in Adobe Robohelp Server

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

adobe

NVD

Published: 2021-06-28

Updated: 2024-11-21

Summary

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Robohelp Server - Adobe Robohelp Server 6 Adobe Robohelp Server 7 Adobe Robohelp Server 8 Adobe Robohelp Server 11 Adobe Robohelp Server 11.4 Adobe Robohelp Server 2019.0.9	10

References

https://www.zerodayinitiative.com/advisories/ZDI-21-660/
https://www.zerodayinitiative.com/advisories/ZDI-21-660/