CVE-2019-8071

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.7%

top 29.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Adobe Download Manager Adobe Download Manager

Timeline

PublishedOct 17

Latest updateMay 24

Description

Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDadobe/download_manager2.0.0.363

▶CVEListV5adobe/adobe_download_manager2.0.0.363 versions

🔴Vulnerability Details

GHSA

GHSA-4h9r-m5mg-85ph: Adobe Download Manager versions 2↗2022-05-24

▶

CVEList

CVE-2019-8071: Adobe Download Manager versions 2↗2019-10-17

▶