CVE-2022-30670 HIGH

CVE-2022-30670: Escalate Privileges to Server Admin - Robohelp Server

Vendor Adobe

Product RoboHelp

Weakness CWE-285

Published June 16, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction.

Key dates

02Disclosure timeline

June 16, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-30670

Related vulnerabilities

04Related CVE

CVE-2023-38135 CVE-2025-11815 UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update CVE-2026-32704 SiYuan renderSprig: missing admin check allows any user to read full workspace DB CVE-2021-24195 Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User CVE-2026-11521 Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization

Identifiers

CVE CVE-2022-30670

CWE CWE-285

CVSS 8.8 / HIGH

Affected versions

Vendor Adobe

Product RoboHelp

Affected ≥ unspecified and ≤ <RHS11U3

Vendor Adobe

Product RoboHelp

Affected ≥ unspecified and ≤ None