Lucene search

AdobeCVE-2016-1034

HistoryApr 12, 2016 - 11:59 p.m.

CVE-2016-1034

2016-04-1223:59:32

adobe

web.nvd.nist.gov

893

adobe

creative cloud

sync process

javascript api

cve-2016-1034

nvd

security vulnerability

CVSS2

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.275

Percentile

96.9%

JSON

The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors.

Affected configurations

Nvd

Node

adobecreative_cloudRange≤3.5.1.209

VendorProductVersionCPE
adobecreative_cloud*cpe:2.3:a:adobe:creative_cloud:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	creative_cloud	*	cpe:2.3:a:adobe:creative_cloud::::::::

References

www.zerodayinitiative.com/advisories/ZDI-16-235

helpx.adobe.com/security/products/creative-cloud/apsb16-11.html

CVSS2

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.275

Percentile

96.9%

JSON

Related for CVE-2016-1034