某些 Creative Cloud 应用程序、服务和功能在中国不可用。
Adobe has released a security update for Adobe Connect. This update resolves a critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2017-11291) that could be abused to bypass network access controls. This update also resolves three input validation vulnerabilities rated Important (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289) that could be used in reflected cross-site scripting attacks. Finally, this update includes a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks (CVE-2017-11290).
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability |
| Adobe Connect | 9.7 | All | 3 | Release note |
Note:
Adobe Connect 9.7 rolls out in following phases:
Hosted services: Starting November 10, 2017; check the migration schedule for your account here.
On-premise deployments: Starting November 17, 2017
Managed services: Contact your Adobe Connect managed services representative to schedule your update.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
| Server-Side Request Forgery (SSRF) | Network access control bypass | Critical | CVE-2017-11291 |
| Reflected Cross-site Scripting | Information disclosure |
Important | CVE-2017-11287 |
| Reflected Cross-site Scripting | Information disclosure |
Important |
CVE-2017-11288 |
| Reflected Cross-site Scripting | Information disclosure | Important | CVE-2017-11289 |
| UI Redress (or Clickjacking) | Information disclosure | Important | CVE-2017-11290 |