CVE-2021-40719

CRITICAL

Adobe Connect <11.2.3 - Code Injection

Title source: llm

Description

Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.

References (1)

[Release Notes, Vendor Advisory] https://helpx.adobe.com/security/products/connect/apsb21-91.html

Scores

CVSS v3 9.8

EPSS 0.2493

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

adobe/connect < 11.2.3

Timeline

Published Oct 21, 2021

Tracked Since Feb 18, 2026