CVE-2023-22274: ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability
First published: Fri Nov 17 2023(Updated: )
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe RoboHelp Server | <=11.4 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Adobe RoboHelp Server vulnerability?
The vulnerability ID for this Adobe RoboHelp Server vulnerability is CVE-2023-22274.
What is the title of this Adobe RoboHelp Server vulnerability?
The title of this Adobe RoboHelp Server vulnerability is ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability.
Which versions of Adobe RoboHelp Server are affected by this vulnerability?
Adobe RoboHelp Server versions 11.4 and earlier are affected by this vulnerability.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is high, with a rating of 7.5.
Is user interaction required for exploiting this vulnerability?
No, exploitation of this vulnerability does not require user interaction.
How can an attacker exploit this vulnerability?
An unauthenticated attacker can exploit this vulnerability to disclose information.
Is Microsoft Windows affected by this vulnerability?
No, Microsoft Windows is not affected by this vulnerability.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Adobe security advisory page: https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html
What is the Common Weakness Enumeration (CWE) number for this vulnerability?
The Common Weakness Enumeration (CWE) number for this vulnerability is CWE-611.
- collector/nvd-api
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe robohelp server
- version/adobe robohelp server/11.4
- vendor/microsoft
- canonical/microsoft windows