Multiple vulnerabilities in Adobe Connect
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2024-54044 CVE-2024-54049 CVE-2024-54048 CVE-2024-54047 CVE-2024-54046 CVE-2024-54045 CVE-2024-54043 CVE-2024-54032 CVE-2024-54042 CVE-2024-54041 CVE-2024-54040 CVE-2024-49550 CVE-2024-54039 CVE-2024-54037 CVE-2024-54036 CVE-2024-54034 CVE-2024-54033 CVE-2024-54035 CVE-2024-54050 CVE-2024-54051 CVE-2024-54052 CVE-2024-54038 |
| CWE-ID | CWE-79 CWE-284 CWE-285 CWE-601 CWE-918 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Adobe Connect Client/Desktop applications / Other client software |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU101564
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54044
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU101569
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54049
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU101568
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54048
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU101567
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54047
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU101566
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54046
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cross-site scripting
EUVDB-ID: #VU101565
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54045
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Cross-site scripting
EUVDB-ID: #VU101563
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54043
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Cross-site scripting
EUVDB-ID: #VU101553
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54032
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Cross-site scripting
EUVDB-ID: #VU101562
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54042
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Cross-site scripting
EUVDB-ID: #VU101561
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54041
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Cross-site scripting
EUVDB-ID: #VU101560
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54040
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Cross-site scripting
EUVDB-ID: #VU101559
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-49550
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Cross-site scripting
EUVDB-ID: #VU101558
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54039
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Cross-site scripting
EUVDB-ID: #VU101557
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54037
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Cross-site scripting
EUVDB-ID: #VU101556
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54036
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Cross-site scripting
EUVDB-ID: #VU101555
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54034
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper access control
EUVDB-ID: #VU101570
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54033
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions. A remote attacker can trick the victim into clocking on a specially crafted URL and bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper Authorization
EUVDB-ID: #VU101571
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54035
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to improper authorization. A remote non-authenticated attacker can gain unauthorized access to the application.
Install updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Open redirect
EUVDB-ID: #VU101572
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54050
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Open redirect
EUVDB-ID: #VU101573
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54051
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU101574
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-54052
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper access control
EUVDB-ID: #VU101575
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54038
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Connect: 11.0 - 12.6.1
CPE2.3- cpe:2.3:a:adobe:adobe_connect:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_connect:11.0.6:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/connect/apsb24-99.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
