Security hotfix available for RoboHelp Server | APSB22-31
| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB22-31 | June 14, 2022 | 3 |
Summary
Adobe has released a security hotfix for RoboHelp Server 11 (Update 3) and prior releases. This hotfix resolves a security vulnerability that allows end users with non-administrative privileges to manipulate API requests and elevate their account privileges to that of a server administrator.
This update resolves a vulnerability rated moderate. Successful exploitation could lead to privilege escalation.
Affected Versions
| Product | Affected version | Platform |
|---|---|---|
| RoboHelp Server | RHS 11 Update 3 and earlier versions | Windows |
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| RoboHelp Server | RHS 11 (Update 3) | Windows | 3 |  |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
|---|---|---|---|---|---|
| Improper Authorization (CWE-285) | Privilege escalation | Moderate | 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | CVE-2022-30670 |
Acknowledgments
Adobe would like to thank Heroku (heroku3) for reporting this issue (CVE-2022-30670) and for working with Adobe to help protect our customers.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.