René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

125 lines
3.8 KiB
JSON

{
"id": "CVE-2021-27038",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2021-07-09T15:15:08.317",
"lastModified": "2022-09-12T03:56:29.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code."
},
{
"lang": "es",
"value": "Una vulnerabilidad de confusi\u00f3n de tipo en Autodesk Design Review 2018, 2017, 2013, 2012, 2011 puede ocurrir al procesar un archivo PDF maliciosamente dise\u00f1ado. Un actor malicioso puede aprovechar esto para ejecutar c\u00f3digo arbitrario"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*",
"matchCriteriaId": "83CF6CDF-806C-4DC5-B572-C1C2BC2C25F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*",
"matchCriteriaId": "2A78B6F8-DF84-4E6C-A247-0F6D2F8CA679"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD2CA9B-16E1-4BE7-A4E1-A9817A503958"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "31F2529F-ECF0-4568-BBDC-82B396A52332"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "7D07C55F-1D23-4E2B-AC1E-67D735F800B7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"source": "psirt@autodesk.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}