7.3
CVE-2022-28247
- EPSS 0.31%
- Veröffentlicht 11.05.2022 18:15:27
- Zuletzt bearbeitet 21.11.2024 06:57:01
- Quelle psirt@adobe.com
- Teams Watchlist Login
- Unerledigt Login
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= 15.008.20082 <= 22.001.20085
Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= 15.008.20082 <= 22.001.20085
Adobe ≫ Acrobat Reader SwEditionclassic Version >= 17.011.30059 <= 17.012.30205
Adobe ≫ Acrobat Reader SwEditionclassic Version >= 20.001.30005 <= 20.005.30314
Adobe ≫ Acrobat Reader SwEditionclassic Version >= 20.001.30005 <= 20.005.30311
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.535 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
| psirt@adobe.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.