CVE-2024-30314

EPSS 0.3%
Published 16.05.2024 12:15:13
Last modified 12.12.2024 21:10:42
Source psirt@adobe.com
Teams watchlist Login
Open Login

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Dreamweaver Version < 21.4

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.531

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@adobe.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-30314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30314

EUVD