CVE-2021-28579: Adobe Connect improper access control could lead to privilege escalation
First published: Mon Jun 28 2021(Updated: )
Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Connect | <11.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-28579?
CVE-2021-28579 is an Improper access control vulnerability in Adobe Connect version 11.2.1 and earlier.
How does CVE-2021-28579 affect Adobe Connect?
CVE-2021-28579 allows an attacker with 'Learner' permissions to access the list of event participants, leading to the elevation of privileges.
What is the severity of CVE-2021-28579?
CVE-2021-28579 has a severity rating of 4.3 (medium).
How can I fix CVE-2021-28579 in Adobe Connect?
To fix CVE-2021-28579, update Adobe Connect to version 11.2.2 or later.
Where can I find more information about CVE-2021-28579?
You can find more information about CVE-2021-28579 at the following URL: [Adobe Security Bulletin APSB21-36](https://helpx.adobe.com/security/products/connect/apsb21-36.html).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/adobe
- canonical/adobe connect