CVE-2023-22232

MEDIUM5.3

Public PoCHigh EPSS

Description

Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected products

Adobe / Connectunspecified – 11.4.5
Adobe / Connectunspecified – 12.1.5
Adobe / Connectunspecified – None

Exploits & PoCs

nucleiAdobe Connect < 12.1.5 - Local File Disclosureby 0xr2r

References

VENDOR_ADVISORYhttps://helpx.adobe.com/security/products/connect/apsb23-05.html
EXPLOIThttp://packetstormsecurity.com/files/171390/Adobe-Connect-11.4.5-12.1.5-Local-File-Disclosure.html