CVE-2021-36061
Adobe Connect Violation of Secure Design Principles Vulnerability Can Lead To Editing Or Deleting Recordings
In short
Adobe Connect has a flaw that allows someone without authentication to edit or delete recordings if they receive a specially crafted link. An attacker could manipulate a recording parameter to perform unauthorized modifications.
Technical detail
CVE-2021-36061 exploits improper validation of the 'pbMode' parameter in Adobe Connect 11.2.2 and earlier, allowing unauthenticated attackers to modify or delete recordings. The attack requires social engineering to distribute a malicious link to a victim, but no prior authentication or special system access is needed.
Summary generated and translated by AI from the official description.
Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Affected products
Adobe · ConnectWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →