
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN151
_____________________________________________________________________

DATE                : 10/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Connect versions prior to
                     11.2.

=====================================================================
https://helpx.adobe.com/security/products/connect/apsb21-19.html
_____________________________________________________________________

Security updates available for Adobe Connect | APSB21-19
Bulletin ID 	Date Published 	Priority
APSB21-19 	March 09, 2021 	3


Summary

Adobe has released a security update for Adobe Connect. This update
resolves a critical and an important vulnerability.
Successful exploitation could lead to arbitrary JavaScript execution
within the context of the victim's browser.


Affected product versions

Product 	Version                              Platform
Adobe Connect 	11.0.5 and earlier versions          All


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:

Product 	Version 	Platform 	Priority    Availability
Adobe Connect 	11.2 	All 	3 	Release note


Vulnerability details

Vulnerability Category 	Vulnerability Impact 	Severity 	CVE Number
Improper Input Validation 	Arbitrary code execution 	Critical 	CVE-2021-21085
Reflected cross-site scripting 	Arbitrary JavaScript execution in the browser 	Important 	CVE-2021-21079, CVE-2021-21080, CVE-2021-21081


Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

    Lemonoftroy (CVE-2021-21079)
    kickass (janthraper) (CVE-2021-21085)
    Muhammed Ahmed (elpast) (CVE-2021-21080, CVE-2021-21081)

Revisions

March 09, 2021: Updated CVE id from CVE-2021-21078 to CVE-2021-21085


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



