PT-2021-5590 · Adobe · RoboHelp Server, Bridge
Published 2021-11-09 · Updated 2022-07-21 · CVE-2021-42727
CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Adobe RoboHelp Server versions 2020.0.1 and earlier
Adobe Bridge versions 11.1.1 and earlier
Description
The vulnerability allows arbitrary files to be written outside of the intended directory, potentially allowing a remote attacker to execute arbitrary code in the context of the current user. Exploitation may require user interaction, such as opening a crafted file or navigating to a planted file on the server. The root cause is insecure handling of crafted files or path traversal.
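The upload-path weakness described above, as an added example that is not from the advisory or from Adobe's code: a naive join that honours traversal sequences, beside a hardened check that confines the file name to an assumed upload root. The upload directory and the sample file names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical upload directory; the real RoboHelp Server layout is not given in the advisory.
UPLOAD_ROOT = "/srv/robohelp/uploads"


def naive_target(user_filename: str) -> str:
    """Vulnerable pattern: the client-supplied name is joined to the root and used as-is.
    '..' segments and absolute paths are honoured, so the write can leave UPLOAD_ROOT."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, user_filename))


def escapes_root(target: str, root: str = UPLOAD_ROOT) -> bool:
    """True when a normalised path is not strictly inside root."""
    try:
        return posixpath.commonpath([root, target]) != root or target == root
    except ValueError:  # absolute and relative paths mixed: never trust it
        return True


def safe_target(user_filename: str) -> str:
    """Hardened pattern: decode once, reject any directory component, re-check containment."""
    name = unquote(user_filename).replace("\\", "/")  # %2e%2e -> .., treat '\' as a separator
    if "\x00" in name:
        raise ValueError("NUL byte in filename")
    if name in ("", ".", "..") or posixpath.basename(name) != name:
        raise ValueError("directory components are not allowed in an upload name")
    if name.startswith("."):  # also refuse dotfiles such as .htaccess
        raise ValueError("hidden filenames are not allowed")
    target = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    if escapes_root(target):  # defence in depth; cannot trigger after the checks above
        raise ValueError("path escapes upload root")
    return target


def is_accepted(user_filename: str) -> bool:
    """Does the hardened check accept this upload name?"""
    try:
        safe_target(user_filename)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample names a server might receive in an upload request.
    for sample in ["report.pdf", "../../etc/passwd", "/etc/passwd"]:
        naive = naive_target(sample)
        print(f"{sample!r:20} naive -> {naive:24} escapes={escapes_root(naive)} hardened accepts={is_accepted(sample)}")
```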
Recommendations
For Adobe RoboHelp Server versions 2020.0.1 and earlier, restrict access to the file upload functionality until a patch is available.
For Adobe Bridge versions 11.1.1 and earlier, avoid opening crafted files in Bridge until the issue is resolved.
As a temporary workaround, consider disabling the file upload feature in Adobe RoboHelp Server and limiting access to sensitive files in Adobe Bridge until a patch is available.
Fix
Path traversal
Memory Corruption
Affected Products
Bridge
RoboHelp Server