CVE-2014-8068 — Sensitive Information Exposure in Adobe Digital Editions

CWE-200 — Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 39.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Digital Editions
Timeline
PublishedOct 9
Latest updateMay 17

Description

Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-frvc-fv9p-83jh: Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs↗2022-05-17
â–¶
CVEList
CVE-2014-8068: Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs↗2014-10-09
â–¶
CVE-2014-8068 — Sensitive Information Exposure in Adobe | cvebase