admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-11 18:00:49 +00:00
parent ffbcabfc81
commit 5b4cad8ccb
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
23 changed files with 247 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2020/24xxx/CVE-2020-24421.json
View File

@ -57,15 +57,15 @@
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"availabilityImpact": "Low",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H ",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},

4
2020/24xxx/CVE-2020-24439.json
View File

@ -55,7 +55,7 @@
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 2.2,
@ -65,7 +65,7 @@
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},

12
2020/7xxx/CVE-2020-7506.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"product_name": "Easergy T300 Firmware V1.5.2 and prior",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
"version_value": "Easergy T300 Firmware V1.5.2 and prior"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-538: File and Directory Information Exposure"
"value": "CWE-200: Information Exposure"
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04"
}
]
},
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure."
"value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure."
}
]
}

12
2020/7xxx/CVE-2020-7515.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Easergy Builder (Version 1.4.7.2 and older)",
"product_name": "Easergy Builder V1.4.7.2 and prior",
"version": {
"version_data": [
{
"version_value": "Easergy Builder (Version 1.4.7.2 and older)"
"version_value": "Easergy Builder V1.4.7.2 and prior"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of hard-coded cryptographic key stored in cleartext"
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
}
]
},
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to decrypt a password."
"value": "A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password."
}
]
}

12
2020/7xxx/CVE-2020-7516.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Easergy Builder (Version 1.4.7.2 and older)",
"product_name": "Easergy Builder V1.4.7.2 and prior",
"version": {
"version_data": [
{
"version_value": "Easergy Builder (Version 1.4.7.2 and older)"
"version_value": "Easergy Builder V1.4.7.2 and prior"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-316: Cleartext Storage of Sensitive Information in Memory"
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
}
]
},
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to login credentials."
"value": "A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials."
}
]
}

82
2020/7xxx/CVE-2020-7860.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2021-04-28T06:41:00.000Z",
"ID": "CVE-2020-7860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UnEGG",
"version": {
"version_data": [
{
"platform": "linux",
"version_affected": "<",
"version_name": "0.5",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Estsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this and arbitrary code execution. This issue affects: Estsoft UnEGG 0.5 versions prior to 1.0 on linux."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.altools.co.kr/Download/ALZip.aspx",
"name": "https://www.altools.co.kr/Download/ALZip.aspx"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

10
2021/21xxx/CVE-2021-21013.json
View File

@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account."
"value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure."
}
]
},
@ -57,15 +57,15 @@
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 8.1,
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

18
2021/21xxx/CVE-2021-21021.json
View File

@ -55,17 +55,17 @@
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"availabilityImpact": "None",
"baseScore": 7.8,
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "None",
"integrityImpact": "None",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

18
2021/21xxx/CVE-2021-21028.json
View File

@ -55,17 +55,17 @@
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"availabilityImpact": "None",
"baseScore": 7.8,
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "None",
"integrityImpact": "None",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

18
2021/21xxx/CVE-2021-21029.json
View File

@ -55,17 +55,17 @@
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},

18
2021/21xxx/CVE-2021-21033.json
View File

@ -55,17 +55,17 @@
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"availabilityImpact": "None",
"baseScore": 7.8,
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "None",
"integrityImpact": "None",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

14
2021/21xxx/CVE-2021-21034.json
View File

@ -55,17 +55,17 @@
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 4,
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"confidentialityImpact": "Low",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},

18
2021/21xxx/CVE-2021-21035.json
View File

@ -55,17 +55,17 @@
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"availabilityImpact": "None",
"baseScore": 7.8,
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "None",
"integrityImpact": "None",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

2
2021/21xxx/CVE-2021-21042.json
View File

@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},

8
2021/21xxx/CVE-2021-21068.json
View File

@ -56,16 +56,16 @@
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"attackVector": "Physical",
"availabilityImpact": "High",
"baseScore": 7.7,
"baseScore": 6.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

6
2021/21xxx/CVE-2021-21078.json
View File

@ -55,17 +55,17 @@
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 6.3,
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

6
2021/21xxx/CVE-2021-21079.json
View File

@ -58,14 +58,14 @@
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 6.4,
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"scope": "Changed",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},

6
2021/21xxx/CVE-2021-21080.json
View File

@ -58,14 +58,14 @@
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 6.4,
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"scope": "Changed",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},

6
2021/21xxx/CVE-2021-21082.json
View File

@ -56,16 +56,16 @@
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

8
2021/21xxx/CVE-2021-21085.json
View File

@ -49,23 +49,23 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine."
"value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},

66
2021/27xxx/CVE-2021-27200.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.wowonder.com",
"refsource": "MISC",
"name": "https://www.wowonder.com"
},
{
"refsource": "MISC",
"name": "https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200",
"url": "https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49989",
"url": "https://www.exploit-db.com/exploits/49989"
}
]
}

2
2021/28xxx/CVE-2021-28545.json
View File

@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file."
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to show arbitrary content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file."
}
]
},

16
2021/28xxx/CVE-2021-28546.json
View File

@ -55,17 +55,17 @@
},
"impact": {
"cvss": {
"attackComplexity": "None",
"attackVector": "None",
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "None",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "None",
"userInteraction": "None",
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},