Description
Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/connect/apsb21-91.html
Scores
CVSS v3
9.8
EPSS
0.0342
EPSS Percentile
87.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (1)
adobe/connect
< 11.2.3
Published
Oct 21, 2021
Tracked Since
Feb 18, 2026