CVE-2021-21096Improper Authorization in Adobe Bridge

CWE-285Improper Authorization3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 79.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Bridge
Timeline
PublishedApr 15
Latest updateMay 24

Description

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/bridgeunspecified11.0.1+2
NVDadobe/bridge10.010.1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-8g8v-mrq7-5hm6: Adobe Bridge versions 102022-05-24
CVEList
Adobe Bridge Genuine Software Service Incorrect Permission Assignment could lead to Denial-of-Service2021-04-15
CVE-2021-21096 — Improper Authorization in Adobe Bridge | cvebase