CVE-2021-21045 Vulnerability Details

  /     /     /  

CVE-2021-21045 Metadata Quick Info

CVE Published: 11/02/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: adobe | Vendor: Adobe | Product: Acrobat Reader
Status : PUBLISHED

---

CVE-2021-21045 Description

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.

Metrics

CVSS Version: 3.1 | Base Score: 8.2 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: Improper Access Control (CWE-284)
Source: Adobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).