===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3409
           APSB21-91 Security update available for Adobe Connect
                              14 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Connect
Publisher:         Adobe
Operating System:  Windows
                   macOS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-40721 CVE-2021-40719 

Original Bulletin: 
   https://helpx.adobe.com/security/products/connect/apsb21-91.html

--------------------------BEGIN INCLUDED TEXT--------------------

Security update available for Adobe Connect | APSB21-91

Bulletin ID                  Date Published                 Priority

APSB21-91                October 12, 2021                    2


Summary

Adobe has released a security update for Adobe Connect. This update resolves
critical and important vulnerabilities. Successful exploitation could lead to
arbitrary code execution.

Affected product versions

Product                          Version                     Platform

Adobe Connect         11.2.2 and earlier versions                 All


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the latest version.


Product          Version     Platform     Priority      Availability

Adobe Connect        11.2.3      All          2            Release note


Vulnerability details

Vulnerability Category                         Vulnerability Impact      Severity   CVSS base score  CVSS vector                                   CVE Number

Deserialization of Untrusted Data (CWE-502)    Arbitrary code execution  Critical   9.8              CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  CVE-2021-40719

Cross-site Scripting (Reflected XSS) (CWE-79)  Arbitrary code execution  Important  6.4              CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N  CVE-2021-40721


Acknowledgments

Adobe would like to thank the following for reporting these issues and for
working with Adobe to help protect our customers:

  o Cyku (CVE-2021-40719)

  o celesian (CVE-2021-40721)


For more information, visit https://helpx.adobe.com/security.html, or email
PSIRT@adobe.com.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================