CVE-2023-22274

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

Published: Nov 17, 2023
Updated: Dec 1, 2023
CVE: CVE-2023-22274
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
adobe / robohelp_server	-	11.4.x

https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html

Vulnerability Database

290,206

CVE-2023-22274