nvd-json-data-feeds/CVE-2021/CVE-2021-210xx/CVE-2021-21010.json

{
  "id": "CVE-2021-21010",
  "sourceIdentifier": "psirt@adobe.com",
  "published": "2021-01-13T23:15:14.213",
  "lastModified": "2021-01-19T17:19:59.793",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
    },
    {
      "lang": "es",
      "value": "InCopy versiones 15.1.1 (y anteriores) para Windows est\u00e1 afectado por una vulnerabilidad de ruta de b\u00fasqueda no controlada que podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo arbitraria en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere una interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@adobe.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "HIGH",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@adobe.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:incopy:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "15.1.3",
              "matchCriteriaId": "6707A68D-CF76-43D8-9A74-55B78A5B1F6B"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://helpx.adobe.com/security/products/incopy/apsb21-05.html",
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}