CVE-2021-28581

CWE-4273 documents3 sources
Severity
7.3HIGH
EPSS
0.1%
top 69.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Creative Cloud (desktop Component)Adobe Creative Cloud
Timeline
PublishedSep 8
Latest updateMay 24

Description

Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/creative_cloud_(desktop_component)unspecified5.3+1

🔴Vulnerability Details

2
GHSA
GHSA-64hj-4677-7p5v: Adobe Creative Cloud Desktop 32022-05-24
CVEList
Adobe Creative Cloud Desktop uncontrolled search path element vulnerability could lead to local privilege escalation2021-09-08
CVE-2021-28581 (HIGH CVSS 7.3) | Adobe Creative Cloud Desktop 3.5 (a | cvebase.io