cvelist/2021/28xxx/CVE-2021-28633.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "DATE_PUBLIC": "2021-06-08T23:00:00.000Z",
        "ID": "CVE-2021-28633",
        "STATE": "PUBLIC",
        "TITLE": "Adobe Creative Cloud Installer Arbitrary File Write"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Creative Cloud (desktop component)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "2.4"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_value": "None"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_value": "None"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_value": "None"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Adobe"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "availabilityImpact": "High",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-41.html",
                "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-41.html"
            }
        ]
    },
    "source": {
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2021-03-16 18:00:47 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2021-08-24 19:00:59 +00:00			`"ASSIGNER": "psirt@adobe.com",`
			`"DATE_PUBLIC": "2021-06-08T23:00:00.000Z",`
"-Synchronized-Data." 2021-03-16 18:00:47 +00:00			`"ID": "CVE-2021-28633",`
"-Synchronized-Data." 2021-08-24 19:00:59 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Adobe Creative Cloud Installer Arbitrary File Write"`
"-Synchronized-Data." 2021-03-16 18:00:47 +00:00			`},`
"-Synchronized-Data." 2021-08-24 19:00:59 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Creative Cloud (desktop component)",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "2.4"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_value": "None"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_value": "None"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_value": "None"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Adobe"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-03-16 18:00:47 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-08-24 19:00:59 +00:00			`"value": "Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system."`
"-Synchronized-Data." 2021-03-16 18:00:47 +00:00			`}`
			`]`
"-Synchronized-Data." 2021-08-24 19:00:59 +00:00			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "Low",`
			`"attackVector": "Physical",`
			`"availabilityImpact": "High",`
			`"baseScore": 6.1,`
			`"baseSeverity": "Medium",`
			`"confidentialityImpact": "High",`
			`"integrityImpact": "High",`
			`"privilegesRequired": "High",`
			`"scope": "Unchanged",`
			`"userInteraction": "Required",`
			`"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "MISC",`
			`"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-41.html",`
			`"name": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-41.html"`
			`}`
			`]`
			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2021-03-16 18:00:47 +00:00			`}`
			`}`