Adobe Security Bulletin

Security updates available for Adobe Connect | APSB21-19

Bulletin ID

Date Published

Priority

APSB21-19

March 09, 2021

3

Summary

Adobe has released a security update for Adobe Connect.  This update resolves a critical and an important vulnerability. Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.              

Affected product versions

Product

Version

Platform

Adobe Connect

11.0.5 and earlier versions            

All

Solution

Adobe categorizes these updates with the following  priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability

Adobe Connect

11.2 

All

3

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Improper Input Validation 

Arbitrary code execution

Critical

CVE-2021-21085

 

Reflected cross-site scripting

 

Arbitrary JavaScript execution in the browser

 

Important

CVE-2021-21079

CVE-2021-21080

CVE-2021-21081

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Lemonoftroy (CVE-2021-21079)   
  • kickass (janthraper)(CVE-2021-21085) 
  • Muhammed Ahmed (elpast) (CVE-2021-21080, CVE-2021-21081)  

Revisions

March 09, 2021: Updated CVE id from CVE-2021-21078 to CVE-2021-21085

شعار Adobe

تسجيل الدخول إلى حسابك