
{
"id": "CVE-2024-49535",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-12-10T20:15:18.923",
"lastModified": "2025-01-23T18:36:07.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document."
},
{
"lang": "es",
"value": "Las versiones 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad de restricci\u00f3n incorrecta de referencia de entidad externa XML ('XXE') que permite a un atacante proporcionar una entrada XML maliciosa que contenga una referencia a una entidad externa, lo que podr\u00eda provocar un acceso de lectura no autorizado fuera del entorno aislado (sandbox) de Acrobat. Para aprovechar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe procesar un documento XML malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30002",
"versionEndExcluding": "20.005.30748",
"matchCriteriaId": "8629BF4A-1E7E-4EBB-8175-DABB9241A689"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.001.30225",
"matchCriteriaId": "62086AC3-1580-4DC5-93E2-04C7A6F06C45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionEndExcluding": "24.005.20320",
"matchCriteriaId": "8064F314-801F-4BEC-9EE2-120733E8B206"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30002",
"versionEndExcluding": "20.005.30748",
"matchCriteriaId": "89E5AB91-6C0C-47AD-97F1-D5FC4AAEB5DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionEndExcluding": "24.005.20320",
"matchCriteriaId": "BBF2907B-0265-4E40-BB1B-772CCF3E67FA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-92.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}