CVE-2021-28597

Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://helpx.adobe.com/security/products/photoshop_elements/apsb21-46.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:photoshop_elements:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

18 Oct 2022, 21:10

Type	Values Removed	Values Added
CWE	~~CWE-379~~	CWE-668

02 Jul 2021, 14:34

Type	Values Removed	Values Added
References	~~(MISC) https://helpx.adobe.com/security/products/photoshop_elements/apsb21-46.html -~~	(MISC) https://helpx.adobe.com/security/products/photoshop_elements/apsb21-46.html - Vendor Advisory
CWE		CWE-379
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:adobe:photoshop_elements:::::::: cpe:2.3:o:apple:macos:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 5.5

28 Jun 2021, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-06-28 15:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-28597

Mitre link : CVE-2021-28597

CVE.ORG link : CVE-2021-28597

JSON object : View

Products Affected

apple

macos

microsoft

windows

adobe

photoshop_elements

CWE

CWE-668

Exposure of Resource to Wrong Sphere

CWE-379

Creation of Temporary File in Directory with Insecure Permissions

{"id": "CVE-2021-28597", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-06-28T15:15:23.683", "references": [{"url": "https://helpx.adobe.com/security/products/photoshop_elements/apsb21-46.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-379"}]}], "descriptions": [{"lang": "en", "value": "Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction."}, {"lang": "es", "value": "Adobe Photoshop Elements versiones 5.2 (y anteriores) est\u00e1 afectada por una vulnerabilidad de creaci\u00f3n de archivos temporales no seguros. Un atacante no autenticado podr\u00eda aprovechar esta vulnerabilidad para llamar a funciones contra el instalador para llevar a cabo acciones con altos privilegios. Una explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario"}], "lastModified": "2023-11-07T03:32:13.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:photoshop_elements:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C236C25-B21C-46DA-824F-4CA8D9FB49FD", "versionEndExcluding": "5.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com"}