===========================================================================
ZMCIRT Vulnerability Bulletin
ZMC-2021.10.14.0800
Adobe Campaign Standard: Cross-site scripting - Remote with user interaction
14th October 2021
===========================================================================
Product: Adobe Campaign Standard
Publisher: Adobe
Operating System: Windows
Linux variants
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-40744
Original Bulletin:
https://helpx.adobe.com/security/products/campaign/apsb21-52.html
- --------------------------BEGIN INCLUDED TEXT--------------------
Security updates available for Adobe Campaign Standard | APSB21-52
Bulletin ID Date Published Priority
APSB21-52 October 12, 2021 2
Summary
Adobe has released security updates for Adobe Campaign Standard. These updates
address a critical cross-site scripting vulnerability that could result in
arbitrary code execution.
Affected versions
+------------------------+------------------------------------+---------------+
| Product | Affected version | Platform |
+------------------------+------------------------------------+---------------+
|Adobe Campaign Standard |Release 21.2.1 and earlier versions |Windows, Linux |
+------------------------+------------------------------------+---------------+
Solution
Adobe categorizes these updates with the following priority rating and
recommends users update their installation to the newest version:
+--------------------+-------------+---------------+-------------+------------+
| Product | Updated | Platform | Priority |Availability|
| | version | | rating | |
+--------------------+-------------+---------------+-------------+------------+
|Adobe Campaign |21.3.1 |Windows and |2 |Release |
|Standard | |Linux | |Notes |
+--------------------+-------------+---------------+-------------+------------+
Vulnerability Details
Vulnerability Category Vulnerability Severity CVE Number
Impact
Cross-site Scripting (DOM-based Arbitrary code Critical CVE-2021-40744
XSS) ( CWE-79) execution
- --------------------------END INCLUDED TEXT--------------------
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Internet Email: report@cirt.zm
Telephone: 7070
ZMCIRT personnel answer during Zambian business hours
which are 8am to 5pm.
On call after hours for member emergencies only.
===========================================================================
Copyright @2023 ZAMBIA CIRT