FKIE_CVE-2022-30670

Vulnerability from fkie_nvd - Published: 2022-06-16 17:15 - Updated: 2024-11-21 07:03
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction.
References
psirt@adobe.comhttps://helpx.adobe.com/security/products/robohelp-server/apsb22-31.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.htmlVendor Advisory
Impacted products
Vendor Product Version
adobe robohelp_server *
adobe robohelp_server 11
adobe robohelp_server 11
adobe robohelp_server 11
adobe robohelp_server 11
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFA07D7-BC9B-49AB-A695-25D72C076A8B",
              "versionEndExcluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:robohelp_server:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "FFAFE733-A7F2-45F9-BBD5-CDA4B8A200C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:robohelp_server:11:update1:*:*:*:*:*:*",
              "matchCriteriaId": "CEF1C8F3-963F-4DF4-966B-AE7816D9BF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:robohelp_server:11:update2:*:*:*:*:*:*",
              "matchCriteriaId": "54264AA5-08D5-4CB4-A341-FFDE58231CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:robohelp_server:11:update3:*:*:*:*:*:*",
              "matchCriteriaId": "52A777F4-C3D0-4630-8DC4-F8AA2087512D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "RoboHelp Server versiones anteriores a la actualizaci\u00f3n 3 de RHS 11, est\u00e1n afectadas por una vulnerabilidad de Autorizaci\u00f3n Inapropiada que podr\u00eda conllevar a una elevaci\u00f3n de privilegios. Un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad para obtener privilegios de administrador completos. No es requerida una interacci\u00f3n del usuario para explotar este problema"
    }
  ],
  "id": "CVE-2022-30670",
  "lastModified": "2024-11-21T07:03:08.453",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-06-16T17:15:08.423",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.