Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_CONNECT_APSB19-05.NASL
HistoryJan 11, 2019 - 12:00 a.m.

Adobe Connect <= 9.8.1 Session Token Exposure Vulnerability (APSB19-05)

2019-01-1100:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

43.9%

JSON

The version of Adobe Connect running on the remote host is 9.8.1 or earlier. It is, therefore, affected by a session token exposure vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(121110);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/28");

  script_cve_id("CVE-2018-19718");
  script_bugtraq_id(106469);
  script_xref(name:"IAVB", value:"2019-B-0003-S");

  script_name(english:"Adobe Connect <= 9.8.1 Session Token Exposure Vulnerability (APSB19-05)");
  script_summary(english:"Checks the version of Adobe Connect.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an application that is affected by a
session token exposure vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Connect running on the remote host is 9.8.1 or
earlier. It is, therefore, affected by a session token exposure
vulnerability.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/connect/apsb19-05.html");
  # https://helpx.adobe.com/adobe-connect/kb/update-for-adobe-connect-now-available-includes-latest-security-.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5bd09165");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Connect version 10.1 or later, or apply vendor specified mitigation.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19718");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:connect");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_connect_detect.nbin");
  script_require_keys("installed_sw/Adobe Connect");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include('http.inc');
include('vcf.inc');

app = "Adobe Connect";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80);

app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:2);

constraints = [
      { "max_version" : "9.8.1", "fixed_version" : "10.1" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
adobeconnectcpe:/a:adobe:connect

Related

prion 1
cve 1
cvelist 1
nvd 1
adobe 1
threatpost 1
prion
prion
Session fixation
2019-01-18 17:29:00
cve
cve
CVE-2018-19718
2019-01-18 17:29:44
cvelist
cvelist
CVE-2018-19718
2019-01-18 17:00:00
nvd
nvd
CVE-2018-19718
2019-01-18 17:29:44
adobe
adobe
APSB19-05 Security update available for Adobe Connect
2019-01-08 00:00:00
threatpost
threatpost
Adobe Patches Important Bugs in Connect and Digital Edition
2019-01-08 14:48:36

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

43.9%

JSON
Related for ADOBE_CONNECT_APSB19-05.NASL
prion1cve1cvelist1nvd1adobe1threatpost1