CVE-2014-0548

CWE-2646 documents6 sources

Severity

7.5HIGH

EPSS

1.0%

top 23.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Adobe AIR Adobe Adobe AIR SDK Adobe Flash Player

Timeline

PublishedSep 10

Latest updateMay 17

Description

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDadobe/flash_player13.0.0.241+41

▶NVDadobe/adobe_air14.0.0.179+5

▶NVDadobe/adobe_air_sdk14.0.0.178+4

▶Ubuntuflashplugin-nonfree< 11.2.202.406ubuntu0.14.04.1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-289m-r545-35cc: Adobe Flash Player before 13↗2022-05-17

▶

CVEList

CVE-2014-0548: Adobe Flash Player before 13↗2014-09-10

▶

OSV

CVE-2014-0548: Adobe Flash Player before 13↗2014-09-10

▶

📋Vendor Advisories

Red Hat

flash-plugin: same origin policy bypass (APSB14-21)↗2014-09-09

▶

💬Community

Bugzilla

CVE-2014-0548 flash-plugin: same origin policy bypass (APSB14-21)↗2014-09-09

▶