Lucene search

AdobeVULNRICHMENT:CVE-2024-30314

HistoryMay 16, 2024 - 11:36 a.m.

CVE-2024-30314 Git local configuration leading to Arbitrary Code Execution upon opening .ste file

2024-05-1611:36:01

CWE-78

adobe

github.com

cve-2024-30314

git

arbitrary code execution

dreamweaver desktop

os command injection

user interaction

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

JSON

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Dreamweaver Desktop",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "21.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

JSON

Related for VULNRICHMENT:CVE-2024-30314