Lucene search

[email protected]CVE-2021-45980

HistoryJan 04, 2022 - 3:15 p.m.

CVE-2021-45980

2022-01-0415:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2021-45980

foxit

pdf reader

pdf editor

macos

remote attackers

execute arbitrary code

geturl

javascript api

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.7%

JSON

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.

CPENameOperatorVersion
foxit:pdf_editorfoxit pdf editorlt11.1
foxit:pdf_readerfoxit pdf readerlt11.1

CPE	Name	Operator	Version
foxit:pdf_editor	foxit pdf editor	lt	11.1
foxit:pdf_reader	foxit pdf reader	lt	11.1

References

github.com/dlehgus1023

github.com/dlehgus1023/CVE/tree/master/CVE-2021-45980

www.foxit.com/support/security-bulletins.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.7%

JSON

Related for CVE-2021-45980

prion1 cvelist1 nessus2