7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
6.4 Medium
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
86.7%
Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.
[
{
"product": "Acrobat Reader DC",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "<= 2020.013.20066"
},
{
"status": "affected",
"version": "<= 2020.001.30010"
},
{
"status": "affected",
"version": "<= 2017.011.30180"
}
]
}
]
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
6.4 Medium
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
86.7%