Lucene search

CVE-2023-22232

🗓️ 17 Feb 2023 22:13:15Reported by adobeType

cve🔗 web.nvd.nist.gov👁 100 Views🌐 WEB

Adobe Connect versions 11.4.5 and 12.1.5 are affected by Improper Access Control vulnerability, leading to Security feature bypass

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 12
0day.today	Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure Vulnerability	20 Mar 202300:00	–	zdt
0day.today	Adobe Connect 11.4.5 - Local File Disclosure Vulnerability	8 Apr 202300:00	–	zdt
Vulnrichment	CVE-2023-22232 Adobe Connect Improper Access Control Security feature bypass	17 Feb 202300:00	–	vulnrichment
Nuclei	Adobe Connect < 12.1.5 - Local File Disclosure	9 Dec 202309:38	–	nuclei
Packet Storm	Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure	20 Mar 202300:00	–	packetstorm
CNVD	Adobe Connect Access Control Error Vulnerability (CNVD-2023-14294)	17 Feb 202300:00	–	cnvd
Tenable Nessus	Adobe Connect <= 11.4.5 Security Feature Bypass Vulnerability (APSB23-05)	14 Feb 202300:00	–	nessus
NVD	CVE-2023-22232	17 Feb 202322:15	–	nvd
Cvelist	CVE-2023-22232 Adobe Connect Improper Access Control Security feature bypass	17 Feb 202300:00	–	cvelist
Prion	Improper access control	17 Feb 202322:15	–	prion

Nvd

Vulners

Node

adobe connectRange11.0–11.4.5

adobe connectRange12.0–12.1.5

[
  {
    "vendor": "Adobe",
    "product": "Connect",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "11.4.5",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "12.1.5",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/171390/Adobe-Connect-11.4.5-12.1.5-Local-File-Disclosure.html
helpx	www.helpx.adobe.com/security/products/connect/apsb23-05.html

Parameter	Position	Path	Description	CWE
download-url	query param	/[folder]/download	Improper Access Control allowing Local File Disclosure via crafted download requests.	CWE-284
name	query param	/[folder]/download	Improper Access Control allowing Local File Disclosure via crafted download requests.	CWE-284
output	query param	/[folder]/download	Improper Access Control allowing multiple file downloads as a zip file via crafted requests.	CWE-284
download_type	query param	/[folder]/download	Improper Access Control allowing multiple file downloads as a zip file via crafted requests.	CWE-284
ffn	query param	/[folder]/download	Improper Access Control allowing multiple file downloads as a zip file via crafted requests.	CWE-284
baseContentUrl	query param	/[folder]/download	Improper Access Control allowing multiple file downloads as a zip file via crafted requests.	CWE-284

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Feb 2023 22:15Current

4.9Medium risk

Vulners AI Score4.9

CVSS35.3

EPSS0.88663

SSVC

CWE-284