CVE-2023-22273

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html	Release Notes Vendor Advisory
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:44

Type	Values Removed	Values Added
References	~~() https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html - Release Notes, Vendor Advisory~~	() https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html - Release Notes, Vendor Advisory

22 Nov 2023, 17:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-17 13:15

Updated : 2024-11-21 07:44

NVD link : CVE-2023-22273

Mitre link : CVE-2023-22273

CVE.ORG link : CVE-2023-22273

JSON object : View

Products Affected

adobe

robohelp_server

microsoft

windows

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-22273", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-11-17T13:15:08.097", "references": [{"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction."}, {"lang": "es", "value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo por parte de un atacante autenticado por un administrador. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."}], "lastModified": "2024-11-21T07:44:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2", "versionEndIncluding": "11.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com"}

7.2 /10