PT-2021-3930 · Adobe · Robohelp Server
Published
2021-06-08
·
Updated
2021-07-02
·
CVE-2021-28588
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe RoboHelp Server versions 2019.0.9 and earlier
Description
The issue exists because the application does not correctly restrict a directory path name to a directory with limited access. Exploitation may allow a remote attacker to read arbitrary files using a specially crafted HTTP request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Recommendations
For Adobe RoboHelp Server versions 2019.0.9 and earlier, update to a version that contains a fix for this issue to prevent arbitrary code execution and directory traversal vulnerabilities.
As a temporary workaround, consider restricting access to the folderId directory to minimize the risk of exploitation.
Fix
Path traversal
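The containment check that this class of bug lacks, as an added defensive example (not Adobe's code and not from this advisory): a hypothetical resolver for a `folderId`-style parameter that canonicalizes the requested path and refuses anything that escapes the content root, including URL-encoded, double-encoded and backslash-separated traversal. The content root and the `resolve_folder` name are assumptions.

```python
import os
from urllib.parse import unquote

# Assumed content root; RoboHelp Server's real layout is not described on this page
BASE_DIR = "/srv/robohelp/projects"


def resolve_folder(base_dir: str, folder_id: str):
    """Return the canonical absolute path for folder_id inside base_dir.

    Returns None when the request must be rejected: it contains a NUL byte,
    is an absolute path, or canonicalizes to a location outside base_dir.
    """
    # Decode repeatedly: one pass turns %252e%252e into %2e%2e, which a later
    # layer (or a second decode in the app) would turn into "..".
    decoded = folder_id
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again

    # Embedded NUL bytes truncate paths in C-level APIs; never pass them on.
    if "\x00" in decoded:
        return None

    # Treat backslashes as separators so "..\\..\\" is caught on POSIX hosts too.
    decoded = decoded.replace("\\", "/")

    # A folder id is always relative; an absolute path has no legitimate use here.
    if decoded.startswith("/"):
        return None

    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))

    # Decide on the canonical path, never on the raw string: "docs/../guide" is
    # fine, "docs/../../secret" is not, and realpath also collapses symlinks.
    if candidate != base and not candidate.startswith(base + os.sep):
        return None
    return candidate


def is_traversal_attempt(folder_id: str) -> bool:
    """True when a request should be logged as a traversal attempt against BASE_DIR."""
    return resolve_folder(BASE_DIR, folder_id) is None
```

Log every `None` result with the raw parameter value: repeated rejections from one client are the detection signal for attempts against this issue.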
Affected Products
Robohelp Server