Headline
CVE-2021-21080: Adobe Security Bulletin
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim’s browser when they browse to the page containing the vulnerable field.
Security updates available for Adobe Connect | APSB21-19
Bulletin ID
Date Published
Priority
APSB21-19
March 09, 2021
3
Adobe has released a security update for Adobe Connect. This update resolves a critical and an important vulnerability. Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim’s browser.
Product
Version
Platform
Adobe Connect
11.0.5 and earlier versions
All
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product
Version
Platform
Priority
Availability
Adobe Connect
11.2
All
3
Release note
Vulnerability Category
Vulnerability Impact
Severity
CVE Number
Improper Input Validation
Arbitrary code execution
Critical
CVE-2021-21085
Reflected cross-site scripting
Arbitrary JavaScript execution in the browser
Important
CVE-2021-21079
CVE-2021-21080
CVE-2021-21081
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Lemonoftroy (CVE-2021-21079)
- kickass (janthraper)(CVE-2021-21085)
- Muhammed Ahmed (elpast) (CVE-2021-21080, CVE-2021-21081)
March 09, 2021: Updated CVE id from CVE-2021-21078 to CVE-2021-21085