What is CVE-2017-11291?

CVE-2017-11291 is a critical-severity vulnerability in Adobe Connect, classified under Server-Side Request Forgery (SSRF). CVSS score: 10.0/10. Published 2017-12-09.

How severe is CVE-2017-11291?

Critical severity. CVSS v3 base score is 10.0 out of 10.

SSRF in Adobe Connect

CVE-2017-11291

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.021 (84.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.

Affected products

Adobe Connect
N/a Adobe Connect 9.6.2 And Earlier Versions — versions Adobe Connect 9.6.2 and earlier versions

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@adobe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@adobe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-11291?: CVE-2017-11291 is a critical-severity vulnerability in Adobe Connect, classified under Server-Side Request Forgery (SSRF). CVSS score: 10.0/10. Published 2017-12-09.
How severe is CVE-2017-11291?: Critical severity. CVSS v3 base score is 10.0 out of 10.