Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.3409 APSB21-91 Security update available for Adobe Connect 14 October 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Adobe Connect Publisher: Adobe Operating System: Windows macOS Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-40721 CVE-2021-40719 Original Bulletin: https://helpx.adobe.com/security/products/connect/apsb21-91.html - --------------------------BEGIN INCLUDED TEXT-------------------- Security update available for Adobe Connect | APSB21-91 Bulletin ID Date Published Priority APSB21-91 October 12, 2021 2 Summary Adobe has released a security update for Adobe Connect. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution. Affected product versions Product Version Platform Adobe Connect 11.2.2 and earlier versions All Solution Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version. Product Version Platform Priority Availability Adobe Connect 11.2.3 All 2 Release note Vulnerability details Vulnerability Vulnerability CVSS Category Impact Severity base CVSS vector CVE Number score Deserialization Arbitrary CVSS:3.0/AV:N/ of Untrusted Data code Critical 9.8 AC:L/PR:N/UI:N/ CVE-2021-40719 ( CWE-502 ) execution S:U/C:H/I:H/A:H Cross-site Scripting Arbitrary CVSS:3.1/AV:N/ (Reflected XSS) code Important 6.4 AC:L/PR:N/UI:R/ CVE-2021-40721 execution S:U/C:L/I:L/A:N ( CWE-79 ) Acknowledgments Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers: o Cyku (CVE-2021-40719) o celesian (CVE-2021-40721) For more information, visit https://helpx.adobe.com/security.html , or email PSIRT@adobe.com. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYWfS/ONLKJtyKPYoAQh9iRAAllKpb2rpFnRiUZ4IzlrRp9wMVYhyhRL3 XsKRi+mndDbs8qMucizXmfJqYqey3S2866bLtCz46atpDBnMRoVZJln9UKM8QLLq 9iDnJJ+/M5sw7L6fj2B738NeAhDxnpiQi5NYjyMjtZBh4wGwMwsDKYyO7n+V6Hu7 1DsuR46kf28wNg04Ze5Z5pDJo+Bg3o2Q8WvaHtUgEtI8S3MkoCsNfBDs0u68aR0r 0XtOEHGvxH4jd5DiC6UERzin0QvxSFG9V7TjvMskDcz+8gGdSdW1362A2Sf0jy1m prhGNFf345leqp2e5IRTbUtGjg8jBp3XGiwEJnD6K33WBzDkInu0lYIbcgWHeDjW k3OtUlf9hkuYw2TZqFrCxiAwPWS1W4TleJcmQD7gcSUGk9OQoSNJtP8HiJIpaIcO kyTZ4zIy8rKZE1b/EjwOW4vDOIedsBqL7tLxeINESZ16dAFchpWr9iTXIMTn4kSr wAQyRii5u4lHP0SMu0LSdnR+OCayJnXkVwRa6PskGNCWRDQLnVvOzYvhuP/wIX8z jFCoWseY+NZ1g/SHVtT5gpTlWwLEiTV6b3YDXNR2FTHfr/bw1Nwd4txHrmdiCp5x mQ3e3IkgUFVYGsoz6QaClaqfKEBuc2vKRDj1aUEYg2mKPbNTA4F4eMb2JA4z6KHb D4l9ipvCBps= =DxBI -----END PGP SIGNATURE-----