Request a Demo
Rewterz
STOP aka DJVU Ransomware – Active IOCs
December 30, 2024
Rewterz
Credit Cards of ZAGG Customers Stolen by Threat Actors in Third-Party Breach
December 30, 2024

Multiple Adobe Connect Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-54051 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2024-54050 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2024-54049 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2024-54048 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2024-54047 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2024-54046 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2024-54045 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2024-54044 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2024-54043 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2024-54042 CVSS:6.1

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2024-54041 CVSS:5.4

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2024-54040 CVSS:5.4

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Impact

  • Gain Access
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2024-54051
  • CVE-2024-54050
  • CVE-2024-54049
  • CVE-2024-54048
  • CVE-2024-54047
  • CVE-2024-54046
  • CVE-2024-54045
  • CVE-2024-54044
  • CVE-2024-54043
  • CVE-2024-54042
  • CVE-2024-54041
  • CVE-2024-54040

Affected Vendors

Adobe

Affected Products

  • Adobe Connect 12.6
  • Adobe Connect 11.4.7

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Security Advisory