Vulnerabilities > CVE-2021-40719 - Deserialization of Untrusted Data vulnerability in Adobe Connect

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

adobe

CWE-502

NVD

Published: 2021-10-21

Updated: 2023-11-07

Summary

Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Connect - Adobe Connect 1.0.0.1 Adobe Connect 6.0 Adobe Connect 6.1 Adobe Connect 6.2 Adobe Connect 6.3 Adobe Connect 7.0 Adobe Connect 7.2 Adobe Connect 7.3 Adobe Connect 7.5 Adobe Connect 8.0 Adobe Connect 8.1 Adobe Connect 8.2 Adobe Connect 8.2.1 Adobe Connect 8.2.2 Adobe Connect 9.0 Adobe Connect 9.0.2 Adobe Connect 9.0.3 Adobe Connect 9.1 Adobe Connect 9.1.2 Adobe Connect 9.2 Adobe Connect 9.3 Adobe Connect 9.4.1 Adobe Connect 9.4.2 Adobe Connect 9.5 Adobe Connect 9.5.2 Adobe Connect 9.5.3 Adobe Connect 9.5.4 Adobe Connect 9.5.5 Adobe Connect 9.5.6 Adobe Connect 9.5.7 Adobe Connect 9.6 Adobe Connect 9.6.1 Adobe Connect 9.6.2 Adobe Connect 9.7 Adobe Connect 9.7.5 Adobe Connect 9.8 Adobe Connect 9.8.1 Adobe Connect 10 Adobe Connect 10.1 Adobe Connect 10.2 Adobe Connect 10.5 Adobe Connect 10.6 Adobe Connect 10.6.1 Adobe Connect 10.6.2 Adobe Connect 10.8 Adobe Connect 11.0 Adobe Connect 11.0.5 Adobe Connect 11.0.6 Adobe Connect 11.0.7 Adobe Connect 11.2 Adobe Connect 11.2.1 Adobe Connect 11.2.2	53

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://helpx.adobe.com/security/products/connect/apsb21-91.html