CVE-2021-28633

{"id": "CVE-2021-28633", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.2}]}, "published": "2021-08-24T19:15:13.097", "references": [{"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-41.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-379"}]}], "descriptions": [{"lang": "en", "value": "Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system."}, {"lang": "es", "value": "Adobe Creative Cloud Desktop Application (instalador) versiones 2.4 (y anteriores), est\u00e1 afectada por una vulnerabilidad de creaci\u00f3n de archivos temporales No Seguros. Un atacante podr\u00eda aprovechar esta vulnerabilidad para causar una sobrescritura arbitraria de archivos en el contexto del usuario actual. Es requerida una interacci\u00f3n f\u00edsica con el sistema para explotar este problema."}], "lastModified": "2023-06-26T19:16:39.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:creative_cloud_desktop_application:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5738603-58A7-4262-9B31-9CF5D468C7C6", "versionEndIncluding": "2.4"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}