CVE-2021-21078

CWE-4263 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 63.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Creative Cloud (desktop Component)Adobe Creative Cloud Desktop Application
Timeline
PublishedMar 12
Latest updateMay 24

Description

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/creative_cloud_(desktop_component)unspecified5.3+1

🔴Vulnerability Details

2
GHSA
GHSA-m37j-xrjp-4fj2: Adobe Creative Cloud Desktop Application version 52022-05-24
CVEList
Adobe Creative Cloud Unquoted Service Path in CCXProcess2021-03-12
CVE-2021-21078 (MEDIUM CVSS 6.5) | Adobe Creative Cloud Desktop Applic | cvebase.io