Connect Adobe Connect

Do you want an email whenever new security vulnerabilities are reported in Adobe Connect?

Recent Adobe Connect Security Advisories

Advisory Title Published
APSB21-112 Security update available for Adobe Connect APSB21-112 December 14, 2021
APSB21-91 Security update available for Adobe Connect APSB21-91 October 12, 2021
APSB21-66 Security update available for Adobe Connect APSB21-66 August 10, 2021
APSB21-36 Security update available for Adobe Connect APSB21-36 June 8, 2021
APSB21-19 Security update available for Adobe Connect APSB21-19 March 9, 2021
APSB20-69 Security update available for Adobe Connect APSB20-69 November 10, 2020

By the Year

In 2022 there have been 0 vulnerabilities in Adobe Connect . Last year Connect had 9 security vulnerabilities published. Right now, Connect is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 9 6.42
2020 2 6.10
2019 1 5.30
2018 5 8.46

It may take a day or so for new Connect vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Connect Security Vulnerabilities

Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server

CVE-2021-40719 9.8 - Critical - October 21, 2021

Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.

Marshaling, Unmarshaling

Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2021-40721 6.1 - Medium - October 15, 2021

Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter

CVE-2021-36061 5.4 - Medium - September 01, 2021

Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording.

Violation of Secure Design Principles

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability

CVE-2021-36062 6.1 - Medium - September 01, 2021

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability

CVE-2021-36063 6.1 - Medium - September 01, 2021

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

XSS

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability

CVE-2021-28579 4.3 - Medium - June 28, 2021

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.

Improper Privilege Management

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2021-21079 6.1 - Medium - March 12, 2021

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature

CVE-2021-21085 7.8 - High - March 12, 2021

Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine.

Improper Input Validation

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2021-21080 6.1 - Medium - March 12, 2021

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2020-24443 6.1 - Medium - November 12, 2020

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2020-24442 6.1 - Medium - November 12, 2020

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability

CVE-2018-19718 5.3 - Medium - January 18, 2019

Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session.

Information Disclosure

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability

CVE-2018-12805 9.8 - Critical - July 20, 2018

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.

DLL preloading

Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability

CVE-2018-12804 9.8 - Critical - July 20, 2018

Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking.

authentification

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability

CVE-2018-4921 6.1 - Medium - May 19, 2018

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.

Unrestricted File Upload

Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability

CVE-2018-4994 7.5 - High - May 19, 2018

Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.

Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection

CVE-2018-4923 9.1 - Critical - May 19, 2018

Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.

Shell injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Adobe Connect or by Adobe? Click the Watch button to subscribe.

Adobe
Vendor

Adobe Connect
Product

subscribe