Lucene search

[email protected]NVD:CVE-2021-45980

HistoryJan 04, 2022 - 3:15 p.m.

CVE-2021-45980

2022-01-0415:15:08

[email protected]

web.nvd.nist.gov

foxit pdf reader

pdf editor

macos

remote code execution

javascript api

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.023

Percentile

89.9%

JSON

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.

Affected configurations

Nvd

Node

foxitpdf_editorRange<11.1

foxitpdf_readerRange<11.1

AND

applemacosMatch-

VendorProductVersionCPE
foxitpdf_editor*cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
foxitpdf_reader*cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxit	pdf_editor	*	cpe:2.3:a:foxit:pdf_editor::::::::
foxit	pdf_reader	*	cpe:2.3:a:foxit:pdf_reader::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

References

github.com/dlehgus1023

github.com/dlehgus1023/CVE/tree/master/CVE-2021-45980

www.foxit.com/support/security-bulletins.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.023

Percentile

89.9%

JSON

Related for NVD:CVE-2021-45980

cve1 prion1 cvelist1 nessus2