PatchSiren cyber security CVE debrief
CVE-2017-2969 Adobe CVE debrief
CVE-2017-2969 is a cross-site scripting (XSS) vulnerability in Adobe Campaign versions 16.4 Build 8724 and earlier. The NVD record rates it CVSS 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N), which means it is reachable over the network, requires user interaction, and can affect the victim's browser session.
- Vendor: Adobe
- Product: CVE-2017-2969
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-15
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-15
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams running Adobe Campaign 16.4 Build 8724 or earlier should care most, along with teams responsible for web application input handling, browser-session security, and vulnerability remediation.
Technical summary
The NVD record maps this issue to CWE-79 (cross-site scripting) and identifies Adobe Campaign as the affected product family. The supplied description states that Adobe Campaign versions 16.4 Build 8724 and earlier are vulnerable, and the NVD record cites Adobe's APSB17-03 advisory as a vendor reference. The CVSS vector shows no privileges are required, but a user must interact with the malicious content.
Defensive priority
Medium priority: patch or mitigate promptly if Adobe Campaign is deployed and exposed to untrusted content, because XSS can let an attacker run script in a victim user's browser context.
Recommended defensive actions
- Verify whether any deployed Adobe Campaign instances are at or below 16.4 Build 8724.
- Follow Adobe advisory APSB17-03 and upgrade or remediate affected installations.
- Review any features that render user-controlled HTML or templates; ensure output encoding and input validation are in place.
- Check for suspicious script-injection attempts or abnormal browser-session activity around Campaign workflows.
- Where immediate patching is not possible, reduce exposure of affected interfaces and restrict access to trusted users only.
Evidence notes
Based only on the supplied official corpus: the NVD CVE record, the NVD API source item, and Adobe's APSB17-03 advisory referenced by NVD. The record lists CVSS 3.0 vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N and CWE-79. The description states Adobe Campaign versions 16.4 Build 8724 and earlier are affected. No KEV listing is included in the supplied material.
Official resources
- CVE-2017-2969 CVE record (CVE.org)
- CVE-2017-2969 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
Publicly disclosed with CVE publication on 2017-02-15. Use the CVE and vendor advisory dates for timing context; the debrief generation date is not the issue date.