CVE-2021-28579

MEDIUM

Adobe Connect < 11.2.2 - Improper Access Control

Title source: llm
STIX 2.1

Description

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.

References (1)

Core 1
Core References

Scores

CVSS v3 4.3
EPSS 0.0109
EPSS Percentile 61.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (1)
adobe/connect < 11.2.2
Published Jun 28, 2021
Tracked Since Feb 18, 2026