CVE-2021-28588: 
Adobe RoboHelp Server vulnerability analysis and mitigation

Adobe RoboHelp Server version 2019.0.9 and earlier versions were found to contain a Path Traversal vulnerability (CVE-2021-28588). The vulnerability was discovered in April 2021 and publicly disclosed on June 10, 2021. This security flaw affects the RoboHelp server's handling of crafted HTTP POST requests, specifically in the parsing of the folderId parameter (ZDI Advisory).

The vulnerability is classified as a Path Traversal issue (CWE-22) where the RoboHelp server process fails to properly validate user-supplied paths before using them in file operations. The vulnerability has received a CVSS v3.1 base score of 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact across confidentiality, integrity, and availability (NVD).

The successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary code in the context of SYSTEM. The vulnerability's high severity rating indicates significant potential impact on the affected systems' confidentiality, integrity, and availability (ZDI Advisory).

Adobe has released a security update to address this vulnerability. Users are advised to apply the security hotfix as detailed in Adobe's security bulletin (Adobe Security).