CVE-2021-36061 MEDIUM

CVE-2021-36061: Adobe Connect Violation of Secure Design Principles Vulnerability Can Lead To Editing Or Deleting Recordings

Vendor Adobe
Product Connect
Weakness CWE-657
Published September 1, 2021
Last update September 16, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording.

Key dates

02Disclosure timeline

September 1, 2021 CVE published
September 16, 2024 Record updated