CVE-2021-36061

Name of the Vulnerable Software and Affected Versions Adobe Connect versions 11.2.2 and earlier

Description The issue is related to a secure design principles violation, specifically concerning the structure of web pages. This could allow a remote attacker to execute arbitrary code. An unauthenticated attacker could leverage this issue to edit or delete recordings on the Connect environment by exploiting the pbMode parameter. Exploitation requires user interaction, where a victim must publish a link of a Connect recording.

Recommendations For Adobe Connect versions 11.2.2 and earlier, update to a version that addresses the secure design principles violation to prevent exploitation of the pbMode parameter. As a temporary workaround, consider restricting access to the Connect environment to minimize the risk of unauthorized recording edits or deletions. Avoid publishing links of Connect recordings until the issue is resolved.