CVE-2014-5333
Severity
4.3MEDIUM
EPSS
0.3%
top 44.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 19
Latest updateMay 17
Description
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element wit…
CVSS vector
AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
3Red Hat▶
flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)↗2015-06-09
💬Community
2Bugzilla▶
CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)↗2015-06-10
Bugzilla▶
CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 CVE-2014-5333 flash-plugin: multiple code execution or security bypass flaws (APSB14-18)↗2014-08-12