Lucene search

AdobeCVELIST:CVE-2021-28633

HistoryAug 24, 2021 - 6:18 p.m.

CVE-2021-28633 Adobe Creative Cloud Installer Arbitrary File Write

2021-08-2418:18:09

CWE-379

adobe

www.cve.org

adobe

creative cloud

vulnerability

arbitrary

file write

insecure

exploitation

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

32.6%

JSON

Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system.

CNA Affected

[
  {
    "product": "Creative Cloud (desktop component)",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/creative-cloud/apsb21-41.html

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

32.6%

JSON

Related for CVELIST:CVE-2021-28633