CVE-2021-21096

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://helpx.adobe.com/security/products/bridge/apsb21-23.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:adobe:bridge::::::::
	cpe:2.3:a:adobe:bridge::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Oct 2022, 20:11

Type	Values Removed	Values Added
CWE	~~CWE-285~~	NVD-CWE-Other

10 Dec 2021, 19:36

Type	Values Removed	Values Added
References	{'url': 'https://www.zerodayinitiative.com/advisories/ZDI-21-417/', 'name': 'https://www.zerodayinitiative.com/advisories/ZDI-21-417/', 'tags': ['Third Party Advisory', 'VDB Entry'], 'refsource': 'MISC'}

Information

Published : 2021-04-15 14:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-21096

Mitre link : CVE-2021-21096

CVE.ORG link : CVE-2021-21096

JSON object : View

Products Affected

adobe

bridge

microsoft

windows

CWE

NVD-CWE-Other CWE-285

Improper Authorization

{"id": "CVE-2021-21096", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-04-15T14:15:16.653", "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction."}, {"lang": "es", "value": "Adobe Bridge versiones 10.1.1 (y anteriores) y versiones 11.0.1 (y anteriores) est\u00e1n afectadas por una vulnerabilidad de Autorizaci\u00f3n Inapropiada en Genuine Software Service. Un atacante poco privilegiado podr\u00eda aprovechar esta vulnerabilidad para lograr una denegaci\u00f3n de servicio de la aplicaci\u00f3n en el contexto del usuario actual. No es requerida una interacci\u00f3n del usuario para la explotaci\u00f3n de este problema"}], "lastModified": "2023-11-07T03:29:30.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE782647-BC3F-45C5-AD2E-C352CA29FB80", "versionEndIncluding": "10.1.1", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "533DEE6C-BBEA-4417-B00A-2FBC74507F15", "versionEndIncluding": "11.0.1", "versionStartIncluding": "11.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com"}