Vulnerabilities > CVE-2021-36061 - Violation of Secure Design Principles vulnerability in Adobe Connect

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

adobe

CWE-657

NVD

Published: 2021-09-01

Updated: 2021-09-09

Summary

Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Connect - Adobe Connect 1.0.0.1 Adobe Connect 6.0 Adobe Connect 6.1 Adobe Connect 6.2 Adobe Connect 6.3 Adobe Connect 7.0 Adobe Connect 7.2 Adobe Connect 7.3 Adobe Connect 7.5 Adobe Connect 8.0 Adobe Connect 8.1 Adobe Connect 8.2 Adobe Connect 8.2.1 Adobe Connect 8.2.2 Adobe Connect 9.0 Adobe Connect 9.0.2 Adobe Connect 9.0.3 Adobe Connect 9.1 Adobe Connect 9.1.2 Adobe Connect 9.2 Adobe Connect 9.3 Adobe Connect 9.4.1 Adobe Connect 9.4.2 Adobe Connect 9.5 Adobe Connect 9.5.2 Adobe Connect 9.5.3 Adobe Connect 9.5.4 Adobe Connect 9.5.5 Adobe Connect 9.5.6 Adobe Connect 9.5.7 Adobe Connect 9.6 Adobe Connect 9.6.1 Adobe Connect 9.6.2 Adobe Connect 9.7 Adobe Connect 9.7.5 Adobe Connect 9.8 Adobe Connect 9.8.1 Adobe Connect 10 Adobe Connect 10.1 Adobe Connect 10.2 Adobe Connect 10.5 Adobe Connect 10.6 Adobe Connect 10.6.1 Adobe Connect 10.6.2 Adobe Connect 10.8 Adobe Connect 11.0 Adobe Connect 11.0.5 Adobe Connect 11.0.6 Adobe Connect 11.0.7 Adobe Connect 11.2 Adobe Connect 11.2.1	52

Common Weakness Enumeration (CWE)

CWE-657 - Violation of Secure Design Principles

References

https://helpx.adobe.com/security/products/connect/apsb21-66.html