CVE-2021-21055 Adobe Dreamweaver Untrusted Search Path Vulnerability Could Lead To Information Disclosure

2021-02-1120:12:37

CWE-426

adobe

www.cve.org

adobe

dreamweaver

vulnerability

information disclosure

cve-2021-21055

untrusted search path

CVSS3

6.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

25.5%

JSON

Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.

CNA Affected

[
  {
    "product": "Dreamweaver",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "21.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "20.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]