4.3
CVE-2021-39857
- EPSS 1.15%
- Published 29.09.2021 16:15:10
- Last modified 21.11.2024 06:20:23
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Acrobat Reader SwEditionclassic Version >= 17.011.30059 <= 17.011.30199
Adobe ≫ Acrobat Reader SwEditionclassic Version >= 20.001.30005 <= 20.004.30006
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 15.008.20082 <= 21.005.20058
Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= 15.008.20082 <= 21.005.20058
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 15.008.20082 <= 21.005.20060
Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= 15.008.20082 <= 21.005.20060
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.15% | 0.765 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| psirt@adobe.com | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.