Lucene search

AdobeCVELIST:CVE-2024-30314

HistoryMay 16, 2024 - 11:36 a.m.

CVE-2024-30314 Git local configuration leading to Arbitrary Code Execution upon opening .ste file

2024-05-1611:36:01

CWE-78

adobe

www.cve.org

cve-2024-30314

git

local configuration

arbitrary code execution

.ste file

dreamweaver desktop

improper neutralization

os command injection

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

21.1%

JSON

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Dreamweaver Desktop",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "21.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

21.1%

JSON

Related for CVELIST:CVE-2024-30314