CVE-2021-21085 HIGH

CVE-2021-21085: Adobe Connect CSV injection via export feature could lead to code execution

Vendor Adobe
Product Connect
Weakness CWE-20 · Input validation
Published March 12, 2021
Last update April 23, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine.

Key dates

02Disclosure timeline

March 12, 2021 CVE published
April 23, 2025 Record updated