Lucene search

AdobeCVE-2024-30314

HistoryMay 16, 2024 - 12:15 p.m.

CVE-2024-30314

2024-05-1612:15:13

CWE-78

adobe

web.nvd.nist.gov

dreamweaver

desktop

os command injection

21.3

vulnerability

user interaction

arbitrary code execution

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

21.0%

JSON

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.

Affected configurations

Vulners

Vulnrichment

Node

adobedreamweaverRange≤21.3

VendorProductVersionCPE
adobedreamweaver*cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	dreamweaver	*	cpe:2.3:a:adobe:dreamweaver::::::::

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Dreamweaver Desktop",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "21.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

21.0%

JSON

Related for CVE-2024-30314