Headline
CVE-2022-30670: Adobe Security Bulletin
RoboHelp Server versions earlier than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction.
Security hotfix available for RoboHelp Server | APSB22-31
| Bulletin ID | Date Published | Priority |
| --- | --- | --- |
| APSB22-31 | June 14, 2022 | 3 |
Summary
Adobe has released a security hotfix for RoboHelp Server 11 (Update 3), and prior releases. This hotfix resolves a security vulnerability that allows end users with non-administrative privileges to manipulate API requests and elevate their account privileges to that of a server administrator.
This update resolves a vulnerability rated moderate. Successful exploitation could lead to privilege escalation.
Affected Versions
RHS 11 Update 3 and earlier versions
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority rating | Availability |
| --- | --- | --- | --- | --- |
| RoboHelp Server | RHS 11 (Update 3) | Windows | 3 | Release notes |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
| --- | --- | --- | --- | --- | --- |
| Improper Authorization (CWE-285) | Privilege escalation | Moderate | 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | CVE-2022-30670 |
Acknowledgments
Adobe would like to thank Heroku (heroku3) for reporting this issue (CVE-2022-30670) and for working with Adobe to help protect our customers.
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].