273 matches found

Cvelist
added 2023/11/17 12:52 p.m. · 16 views

CVE-2023-22274 ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction...

7.5 CVSS · 7.5 AI score · 0.00215 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/11/17 12:52 p.m. · 17 views

CVE-2023-22274 ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction...

7.5 CVSS · 7.3 AI score · 0.00215 EPSS
Exploits 0 · References 1

CVE
added 2023/11/17 12:52 p.m. · 70 views

CVE-2023-22268

Adobe RoboHelp Server versions 11.4 and earlier are affected by an SQL Injection vulnerability (CVE-2023-22268) that could lead to information disclosure by a low-privileged authenticated attacker, with exploitation not requiring user interaction. The root cause is improper neutralization of spec...

6.5 CVSS · 6.6 AI score · 0.00325 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/11/17 12:52 p.m. · 19 views

CVE-2023-22268 ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. Exploitation of this issue does not require us...

6.5 CVSS · 7.1 AI score · 0.00325 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/11/17 12:52 p.m. · 20 views

CVE-2023-22268 ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. Exploitation of this issue does not require us...

6.5 CVSS · 6.8 AI score · 0.00325 EPSS
Exploits 0 · References 1

Cvelist
added 2023/11/17 12:52 p.m. · 20 views

CVE-2023-22273 ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...

7.2 CVSS · 7.6 AI score · 0.03209 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/11/17 12:52 p.m. · 12 views

CVE-2023-22273 ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...

7.2 CVSS · 7.1 AI score · 0.03209 EPSS
Exploits 0 · References 1

CVE
added 2023/11/17 12:52 p.m. · 66 views

CVE-2023-22273

CVE-2023-22273 affects Adobe RoboHelp Server; the path traversal vulnerability in RoboHelp Server versions 11.4 and earlier could allow an admin-authenticated attacker to achieve remote code execution. Public sources confirm the issue as part of APSB23-53 (update to 11 Update 5). The connected do...

7.2 CVSS · 7.1 AI score · 0.03209 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/11/17 12:0 a.m. · 1 view

Adobe RoboHelp Security Vulnerability

Adobe RoboHelp Server is a server-based application for FrameMaker and RoboHelp enterprise users. A path traversal vulnerability exists in Adobe RoboHelp Server, which can be exploited by an attacker to execute arbitrary code on the system by sending a specially crafted URL request that contains...

7.2 CVSS · 7.6 AI score · 0.03209 EPSS
Exploits 0 · References 2

CNNVD
added 2023/11/17 12:0 a.m. · 0 views

Adobe RoboHelp Security Vulnerability

Adobe RoboHelp Server is a server-based application for FrameMaker and RoboHelp enterprise users. An information disclosure vulnerability exists in Adobe RoboHelp Server, which can be exploited by an attacker to obtain sensitive information...

7.5 CVSS · 6 AI score · 0.00353 EPSS
Exploits 0 · References 2

CNNVD
added 2023/11/17 12:0 a.m. · 2 views

Adobe RoboHelp Security Vulnerability

Adobe RoboHelp Server is a server-based application for FrameMaker and RoboHelp enterprise users. An SQL injection vulnerability exists in Adobe RoboHelp Server. An attacker could use this vulnerability to view, add, modify, or delete information in the back-end database...

6.5 CVSS · 7.5 AI score · 0.00325 EPSS
Exploits 0 · References 2

CNNVD
added 2023/11/17 12:0 a.m. · 2 views

Adobe RoboHelp Security Vulnerability

Adobe RoboHelp is next-generation software from Adobe, Inc. for authoring and publishing help, strategy and knowledge base content. A security vulnerability exists in Adobe RoboHelp version 11.4 and prior versions, which stems from the presence of an XML External Entity...

7.5 CVSS · 6.5 AI score · 0.00215 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2023/11/17 12:0 a.m. · 31 views

Adobe RoboHelp Server < 11 Update 5 Multiple Vulnerabilities (APSB23-53)

The version of Adobe RoboHelp Server installed on the remote host is prior to 11 Update 5. It is, therefore, affected by multiple vulnerabilities:
- XML external entity XXE vulnerability. (CVE-2023-22274)
- Information disclosure due to a memory leak. (CVE-2023-22272)
- Path traversal vulnerability...

7.5 CVSS · 7.6 AI score · 0.03209 EPSS
Exploits 0 · References 6

CNNVD
added 2023/11/17 12:0 a.m. · 2 views

Adobe RoboHelp Security Vulnerability

Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Adobe. Adobe RoboHelp Server suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the...

7.5 CVSS · 8.1 AI score · 0.00403 EPSS
Exploits 0 · References 2

Zero Day Initiative
added 2023/11/15 12:0 a.m. · 22 views

Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the getRHSGroupsForRoles method. The issue results from the lack of proper...

6.5 CVSS · 7.1 AI score · 0.00325 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2023/11/15 12:0 a.m. · 20 views

Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe RoboHelp Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the OnPublishFile method. The issue results from the lack of proper validation of a...

7.2 CVSS · 7.8 AI score · 0.03209 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2023/11/15 12:0 a.m. · 22 views

Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resolveDistinguishedName method. The issue results from the lack of...

7.5 CVSS · 6.3 AI score · 0.00353 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2023/11/15 12:0 a.m. · 19 views

Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateCommandStream method. Due to the improper restriction of XML...

8.2 CVSS · 6.6 AI score · 0.00215 EPSS
Exploits 0 · References 1

CISA
added 2023/11/14 12:0 p.m. · 4 views

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities affecting multiple Adobe products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessar...

7.6 AI score
Exploits 0 · References 14

Positive Technologies
added 2023/11/14 12:0 a.m. · 2 views

PT-2023-7078 · Adobe · Robohelp Server

Name of the Vulnerable Software and Affected Versions: Adobe RoboHelp Server versions 11.4 and earlier
Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This could lead to information disclosure...

6.8 CVSS · 6.6 AI score · 0.00325 EPSS
Exploits 0 · References 6