CVE-2021-28579 MEDIUM

CVE-2021-28579: Adobe Connect improper access control could lead to privilege escalation

Vendor Adobe
Product Connect
Weakness CWE-284
Published June 28, 2021
Last update April 23, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.

Key dates

02Disclosure timeline

June 28, 2021 CVE published
April 23, 2025 Record updated