CVE-2021-36002 Vulnerability Details

  /     /     /  

CVE-2021-36002 Metadata Quick Info

CVE Published: 01/09/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: adobe | Vendor: Adobe | Product: Captivate
Status : PUBLISHED

---

CVE-2021-36002 Description

Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim\'s machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.

Metrics

CVSS Version: 3.1 | Base Score: 5 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-379
CWE Name: Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
Source: Adobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).