CVE-2021-36002

CWE-379CWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
7.3HIGH
EPSS
0.1%
top 76.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Captivate
Timeline
PublishedSep 1
Latest updateMay 24

Description

Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/captivateunspecified11.5.5+1
NVDadobe/captivate11.5.5

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-p4pq-252w-q8gg: Adobe Captivate version 112022-05-24
CVEList
Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation2021-09-01
CVE-2021-36002 (HIGH CVSS 7.3) | Adobe Captivate version 11.5.5 (and | cvebase.io