Vulnerability CVE-2021-36048

Vulnerability CVE-2021-36048

Published: 2021-09-01

Description:

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Adobe -> Xmp toolkit sdk

References:

https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

Copyright 2024, cxsecurity.com