CVE-2021-21070

CWE-4273 documents3 sources
Severity
6.5MEDIUM
EPSS
0.5%
top 35.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Robohelp
Timeline
PublishedApr 19
Latest updateMay 24

Description

Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.6 | Impact: 5.9

Affected Packages2 packages

NVDadobe/robohelp< 2020.0.4
CVEListV5adobe/robohelpunspecified2020.0.3+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-whpp-mq64-qp2q: Adobe Robohelp version 20202022-05-24
CVEList
Privilege Escalation Vulnerability in Adobe RoboHelp2021-04-19
CVE-2021-21070 (MEDIUM CVSS 6.5) | Adobe Robohelp version 2020.0.3 (an | cvebase.io