CVE-2017-3098

CRITICAL

Adobe Captivate <= 9 - Remote Code Execution and Arbitrary File Write via Quiz Reporting Feature

Title source: llm
STIX 2.1

Description

Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038657

Scores

CVSS v3 9.8
EPSS 0.0693
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
adobe/captivate < 9.0
n/a/Adobe Captivate 9 and earlier. Adobe Captivate 9 and earlier.
Published Jun 20, 2017
Tracked Since Feb 18, 2026