SB2023111510 - Multiple vulnerabilities in Adobe RoboHelp Server
Published: November 15, 2023 Updated: November 16, 2023
Description
This security bulletin contains information about 5 security vulnerabilities.
1) LDAP injection (CVE-ID: CVE-2023-22272)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation when processing LDAP queries within the resolveDistinguishedName method. A remote non-authenticated attacker can send a specially crafted LDAP query to the application and disclose sensitive information in the context of the application, including partial information about stored credentials.
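One defensive pattern for the class of bug behind CVE-2023-22272, as an added example that is not Adobe's code: escape untrusted values before placing them in an LDAP distinguished name or search filter, following the RFC 4514 and RFC 4515 escaping rules. The base DN, the function names and the sample inputs are constructed for this example.

```python
# Added example (not Adobe's code). A method that resolves a DN from a
# user-supplied name is only safe if the input cannot add or alter RDN
# components or filter terms; escaping confines it to one attribute value.

# RFC 4514, section 2.4: characters that must be escaped inside a DN value.
_DN_SPECIAL = {'"', '+', ',', ';', '<', '>', '\\'}

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in _DN_SPECIAL:
            out.append('\\' + ch)
        elif i == 0 and ch in ' #':      # leading space or '#' is special
            out.append('\\' + ch)
        elif i == last and ch == ' ':    # trailing space is special
            out.append('\\ ')
        else:
            out.append(ch)
    return ''.join(out)

# RFC 4515, section 3: characters that must be hex-escaped in a filter value.
_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29',
                   '\x00': r'\00'}

def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

BASE_DN = "ou=users,dc=example,dc=com"   # constructed sample base DN

def build_user_dn(username: str) -> str:
    """Resolve a user's DN from an untrusted username; the escaped value
    stays a single cn RDN regardless of the separators it contains."""
    return f"cn={escape_dn_value(username)},{BASE_DN}"

def build_user_filter(username: str) -> str:
    """Build an equality filter that matches exactly the given username."""
    return f"(&(objectClass=person)(cn={escape_filter_value(username)}))"

if __name__ == "__main__":
    # Constructed inputs containing DN and filter metacharacters.
    print(build_user_dn("alice,ou=admins"))
    # -> cn=alice\,ou=admins,ou=users,dc=example,dc=com
    print(build_user_filter("*)(uid=*"))
    # -> (&(objectClass=person)(cn=\2a\29\28uid=\2a))
```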
2) Path traversal (CVE-ID: CVE-2023-22273)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences within the OnPublishFile method. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
3) XML External Entity injection (CVE-ID: CVE-2023-22274)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the UpdateCommandStream method. A remote attacker can pass specially crafted XML to the affected application and view the contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view the contents of arbitrary files on the server or perform network scanning of internal and external infrastructure.
4) SQL injection (CVE-ID: CVE-2023-22275)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the GetNewUserId method. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
5) SQL injection (CVE-ID: CVE-2023-22268)
The vulnerability allows a remote user to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the getRHSGroupsForRoles method. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Remediation
Install the update from the vendor's website.
References
- https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-1650/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1652/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1653/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1649/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1651/