Lucene search

[email protected]NVD:CVE-2021-28588

HistoryJun 28, 2021 - 3:15 p.m.

CVE-2021-28588

2021-06-2815:15:23

CWE-22

[email protected]

web.nvd.nist.gov

adobe

robohelp server

path traversal

vulnerability

http post

arbitrary code execution

user interaction

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.0%

JSON

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Affected configurations

Nvd

Node

adoberobohelp_serverRange≤2019.0.9

VendorProductVersionCPE
adoberobohelp_server*cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	robohelp_server	*	cpe:2.3:a:adobe:robohelp_server::::::::

References

www.zerodayinitiative.com/advisories/ZDI-21-660/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.0%

JSON

Related for NVD:CVE-2021-28588

zdi1 prion1 adobe1 cve1 cvelist1 nessus1