First published: Fri Nov 17 2023(Updated: )
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
|Affected Software||Affected Version||How to fix|
|Adobe RoboHelp Server||<=11.4|
The vulnerability ID for this Adobe RoboHelp Server vulnerability is CVE-2023-22274.
The title of this Adobe RoboHelp Server vulnerability is ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability.
Adobe RoboHelp Server versions 11.4 and earlier are affected by this vulnerability.
The severity rating of this vulnerability is high, with a rating of 7.5.
No, exploitation of this vulnerability does not require user interaction.
An unauthenticated attacker can exploit this vulnerability to disclose information.
No, Microsoft Windows is not affected by this vulnerability.
You can find more information about this vulnerability on the Adobe security advisory page: https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html
The Common Weakness Enumeration (CWE) number for this vulnerability is CWE-611.