Vulnerability Details : CVE-2017-3098
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
Vulnerability category: Input validationExecute code
Exploit prediction scoring system (EPSS) score for CVE-2017-3098
Probability of exploitation activity in the next 30 days: 3.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-3098
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-3098
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3098
-
http://www.securitytracker.com/id/1038657
Adobe Captivate Input Validation Flaw in Internal Server Reporting Functions Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code on the Target System - SecurityTracke
-
https://helpx.adobe.com/security/products/captivate/apsb17-19.html
Adobe Security BulletinVendor Advisory
Products affected by CVE-2017-3098
- cpe:2.3:a:adobe:captivate:*:*:*:*:*:*:*:*