CVE-2021-28633 Vulnerability Details

  /     /     /  

CVE-2021-28633 Metadata Quick Info

CVE Published: 24/08/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: adobe | Vendor: Adobe | Product: Creative Cloud (desktop component)
Status : PUBLISHED

---

CVE-2021-28633 Description

Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system.

Metrics

CVSS Version: 3.1 | Base Score: 6.1 MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-379
CWE Name: Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
Source: Adobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).