Lucene search

[email protected]NVD:CVE-2023-26358

HistoryMar 22, 2023 - 5:15 p.m.

CVE-2023-26358

2023-03-2217:15:15

CWE-426

[email protected]

web.nvd.nist.gov

cve-2023-26358

creative cloud

untrusted search path

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.

Affected configurations

Nvd

Node

adobecreative_cloudRange<5.10

VendorProductVersionCPE
adobecreative_cloud*cpe:2.3:a:adobe:creative_cloud:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	creative_cloud	*	cpe:2.3:a:adobe:creative_cloud::::::::

References

helpx.adobe.com/security/products/creative-cloud/apsb23-21.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

Related for NVD:CVE-2023-26358

cnvd1 cve1 openvas1 nessus1 prion1 cvelist1 adobe1