Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-30670
HistoryJun 16, 2022 - 5:15 p.m.

CVE-2022-30670

2022-06-1617:15:08
CWE-285
[email protected]
web.nvd.nist.gov
3
robohelp server
authorization
privilege escalation
authenticated attacker
administrator privileges
exploitation without interaction

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.8%

JSON

RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction.

Affected configurations

Nvd
Node
adoberobohelp_serverRange<11
OR
adoberobohelp_serverMatch11-
OR
adoberobohelp_serverMatch11update1
OR
adoberobohelp_serverMatch11update2
OR
adoberobohelp_serverMatch11update3
AND
microsoftwindowsMatch-
VendorProductVersionCPE
adoberobohelp_server*cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*
adoberobohelp_server11cpe:2.3:a:adobe:robohelp_server:11:-:*:*:*:*:*:*
adoberobohelp_server11cpe:2.3:a:adobe:robohelp_server:11:update1:*:*:*:*:*:*
adoberobohelp_server11cpe:2.3:a:adobe:robohelp_server:11:update2:*:*:*:*:*:*
adoberobohelp_server11cpe:2.3:a:adobe:robohelp_server:11:update3:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Related

adobe 1
prion 1
cvelist 1
cve 1
openvas 1
nessus 1
adobe
adobe
APSB22-31 : Security hotfix available forβ€―RoboHelp Server
2022-06-14 00:00:00
prion
prion
Authorization
2022-06-16 17:15:00
cvelist
cvelist
CVE-2022-30670 Escalate Privileges to Server Admin - Robohelp Server
2022-06-16 16:56:25
cve
cve
CVE-2022-30670
2022-06-16 17:15:08
openvas
openvas
Adobe RoboHelp Server < 11.3 Improper Authorization Vulnerability (APSB22-31)
2023-11-20 00:00:00
nessus
nessus
Adobe RoboHelp Server < 11 Update 3 Privilege Escalation (APSB22-31)
2022-06-16 00:00:00

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.8%

JSON
Related for NVD:CVE-2022-30670
adobe1prion1cvelist1cve1openvas1nessus1