CVE-2021-28568

CWE-379 CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 66.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Gocart Adobe Genuine Service

Timeline

PublishedSep 8

Latest updateMay 24

Description

Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NExploitability: 0.6 | Impact: 5.2

Affected Packages2 packages

▶NVDadobe/genuine_service7.1

▶CVEListV5adobe/gocartunspecified — 7.1+1

🔴Vulnerability Details

GHSA

GHSA-cqhr-xwvr-x8f9: Adobe Genuine Services version 7↗2022-05-24

▶

CVEList

Adobe Genuine Services insecure file permission could lead to privilege escalation↗2021-09-08

▶