CVE-2017-2968 Adobe CVE debrief

Who should care

Adobe Campaign administrators, vulnerability management teams, and security operations teams should prioritize this issue if they operate Adobe Campaign, especially deployments at or below version 16.4 Build 8724 or any internet-reachable instance.

Technical summary

The NVD record identifies this as CWE-94 (code injection). The CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, which means an attacker could potentially execute injected code remotely without needing authentication or user interaction, with high confidentiality and integrity impact. The source corpus states the affected range as Adobe Campaign versions 16.4 Build 8724 and earlier.

Defensive priority

Critical. The combination of network exposure, no required privileges, no user interaction, and high confidentiality/integrity impact makes this a high-priority remediation item for any affected Adobe Campaign deployment.

Recommended defensive actions

• Upgrade Adobe Campaign beyond version 16.4 Build 8724 using Adobe's security guidance.
• Inventory all Adobe Campaign instances and verify exact build/version numbers against the vulnerable range.
• Prioritize remediation for any internet-facing or broadly reachable Campaign deployment.
• Review logs and application telemetry for unusual activity around Adobe Campaign services.
• Track the Adobe advisory references and NVD record for any update to remediation guidance or affected-version details.

Evidence notes

The assessment is based on the supplied NVD record and its metadata: CVE published 2017-02-15 and modified 2026-05-13; description states Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability; CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N; weakness is CWE-94. References in the source item include Adobe PSIRT/BID 96197 and a vendor advisory link, though one Adobe helpx link is marked Broken Link in the corpus.

Official resources