Copy link to clipboard
Copied
Hi,
Its been reported that Adobe Connect is vulnerable to CVE-2022-22965. Has there been any update or response from Adobe about it?
Copy link to clipboard
Copied
I can't find any report of Connect being vunerable to this issue. Can you share where you got that information? From what I can find on this it is generally applicable to Tomcat, which Connect does use, but Adobe Connect is not called out as an application that is affected.
https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2022-22965
Copy link to clipboard
Copied
I think you are right. It was reported by an internal scan that found spring-core-5.3.2.jar which is in the exploit report.
The prerequistites included using JDK 9 and being deployed as a WAR which I don't think Connect does either.