CVE-2024-30314 Vulnerability Details

  /     /     /  

CVE-2024-30314 Metadata Quick Info

CVE Published: 16/05/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: adobe | Vendor: Adobe | Product: Dreamweaver Desktop
Status : PUBLISHED

---

CVE-2024-30314 Description

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.

Metrics

CVSS Version: 3.1 | Base Score: 8.2 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-78
CWE Name: Improper Neutralization of Special Elements used in an OS Command ( OS Command Injection ) (CWE-78)
Source: Adobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).