Lucene search

AdobeCVE-2021-28559

HistorySep 02, 2021 - 5:15 p.m.

CVE-2021-28559

2021-09-0217:15:08

CWE-359

adobe

web.nvd.nist.gov

cve-2021-28559

acrobat reader dc

information exposure

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global variables and objects.

Affected configurations

Nvd

Vulners

Node

adobeacrobat_dcRange15.008.20082–21.001.20150continuous

adobeacrobat_reader_dcRange15.008.20082–21.001.20150continuous

AND

microsoftwindowsMatch-

Node

adobeacrobatRange17.011.30059–17.011.30194classic

adobeacrobatRange20.001.30005–20.001.30020classic

adobeacrobat_readerRange17.011.30059–17.011.30194classic

adobeacrobat_readerRange20.001.30005–20.001.30020classic

AND

applemacosMatch-

microsoftwindowsMatch-

Node

adobeacrobat_dcRange15.008.20082–21.001.20150continuous

adobeacrobat_reader_dcRange15.008.20082–21.001.20150continuous

AND

applemacosMatch-

VendorProductVersionCPE
adobeacrobat_dc*cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
adobeacrobat_reader_dc*cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
adobeacrobat*cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
adobeacrobat_reader*cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	acrobat_dc	*	cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*
adobe	acrobat_reader_dc	*	cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
adobe	acrobat	*	cpe:2.3:a:adobe:acrobat:::::classic:::*
adobe	acrobat_reader	*	cpe:2.3:a:adobe:acrobat_reader:::::classic:::*
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

CNA Affected

[
  {
    "product": "Acrobat Reader",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2020.001.30020",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2021.001.20150",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2017.011.30194",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/acrobat/apsb21-29.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Related for CVE-2021-28559