Adobe Security Bulletin

Security hotfix available for RoboHelp Server | APSB22-31

Bulletin ID

Date Published

Priority

ASPB22-31

June 14,  2022     

3

Summary

Adobe has released a security hotfix for RoboHelp Server 11 (Update 3), and prior releases.  This hotfix resolves a security vulnerability that allows end users with non-administrative privileges to manipulate API requests and elevate their account privileges to that of a server administrator.
 This update resolves a vulnerability rated moderate. Successful exploitation could lead to privilege escalation.

Affected Versions

Product

Affected version

Platform

RoboHelp Server

RHS 11 Update 3 and earlier versions
 

Windows

Solution

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:  

Product

Version

Platform

Priority rating

Availability

 

RoboHelp Server

RHS 11 (Update 3)

 

Windows

 

3

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Numbers

Improper Authorization (CWE-285)

Privilege escalation

Moderate

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N


CVE-2022-30670
 

Acknowledgments

Adobe would like to thank Heroku (heroku3) for reporting this issue CVE-2022-30670
and for working with Adobe to help protect our customers.   


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

 Adobe

Get help faster and easier

New user?

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online