CVE-2021-28588

HIGH

Adobe RoboHelp Server < 2019.0.9 - Authenticated Path Traversal via HTTP POST Request

Description

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

References (1)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-660/

Scores

CVSS v3: 8.8
EPSS: 0.0621
EPSS Percentile: 92.6%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-22
Status: published
Products (1): adobe/robohelp_server < 2019.0.9
Published: Jun 28, 2021
Tracked Since: Feb 18, 2026