Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-30670

RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction.

Published

2022-06-16T17:15:08.423

Last Modified

2024-11-21T07:03:08.453

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-285

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	robohelp_server	< 11	Yes
Application	adobe	robohelp_server	11	Yes
Application	adobe	robohelp_server	11	Yes
Application	adobe	robohelp_server	11	Yes
Application	adobe	robohelp_server	11	Yes
Operating System	microsoft	windows	-	No

References

https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html Vendor Advisory ([email protected])
https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)