Security hotfix available for RoboHelp Server | APSB22-31

Bulletin ID | Date Published | Priority |
---|---|---|
APSB22-31 | June 14, 2022 | 3 |
Summary
Adobe has released a security hotfix for RoboHelp Server 11 (Update 3) and prior releases. This hotfix resolves a security vulnerability that allows end users with non-administrative privileges to manipulate API requests and elevate their account privileges to those of a server administrator.
This update resolves a vulnerability rated moderate. Successful exploitation could lead to privilege escalation.
Affected Versions
Product | Affected version | Platform |
---|---|---|
RoboHelp Server | RHS 11 Update 3 and earlier versions | Windows |
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
Product | Version | Platform | Priority rating | Availability |
---|---|---|---|---|
RoboHelp Server | RHS 11 (Update 3) | Windows | 3 | |
Vulnerability Details
Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
---|---|---|---|---|---|
Improper Authorization (CWE-285) | Privilege escalation | Moderate | 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | CVE-2022-30670 |
Acknowledgments
Adobe would like to thank Heroku (heroku3) for reporting this issue (CVE-2022-30670) and for working with Adobe to help protect our customers.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.