CVE-2023-22232 Adobe Connect Improper Access Control Security feature bypass

2023-02-1700:00:00

CWE-284

adobe

www.cve.org

adobe connect

improper access control

security feature bypass

cve-2023-22232

vulnerability

exploitation

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.127 Low

EPSS

Percentile

95.5%

JSON

Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "Connect",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "11.4.5",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "12.1.5",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]