Vulnerabilities > CVE-2019-7097 - Unspecified vulnerability in Adobe Dreamweaver

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

adobe

nessus

NVD

Published: 2019-05-23

Updated: 2021-09-08

Summary

Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Dreamweaver - Adobe Dreamweaver 1.0.0 Adobe Dreamweaver 6.1 Adobe Dreamweaver 7.0 Adobe Dreamweaver 8.0 Adobe Dreamweaver 9.0 Adobe Dreamweaver 10.0 Adobe Dreamweaver 11.0 Adobe Dreamweaver 13.0 Adobe Dreamweaver 13.1 Adobe Dreamweaver 13.2 Adobe Dreamweaver 14.0 Adobe Dreamweaver 18.0 Adobe Dreamweaver 19.0	14
OS	Apple Apple Macos -	1
OS	Microsoft Microsoft Windows -	1

Nessus

NASL family	Windows
NASL id	ADOBE_DREAMWEAVER_APSB19-21.NASL
description	The version of Adobe Dreamweaver installed on the remote Windows host is a version prior to 19.1 or 18.2.1. It is, therefore, affected by an information disclosure vulnerability which could lead to sensitive data disclosure if SMB request is subjected to a relay attack Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	124026
published	2019-04-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124026
title	Adobe Dreamweaver < 19.1 Information Disclosure Vulnerability (APSB19-21)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124026); script_version("1.3"); script_cvs_date("Date: 2019/10/30 13:24:47"); script_cve_id("CVE-2019-7097"); script_bugtraq_id(107825); script_xref(name:"IAVA", value:"2019-A-0104"); script_name(english:"Adobe Dreamweaver < 19.1 Information Disclosure Vulnerability (APSB19-21)"); script_summary(english:"Checks the version of Adobe Dreamweaver."); script_set_attribute(attribute:"synopsis", value: "The version of Adobe Dreamweaver installed on the remote Windows host is affected by an information disclosure vulnerability."); script_set_attribute(attribute:"description", value: "The version of Adobe Dreamweaver installed on the remote Windows host is a version prior to 19.1 or 18.2.1. It is, therefore, affected by an information disclosure vulnerability which could lead to sensitive data disclosure if SMB request is subjected to a relay attack Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Dreamweaver 19.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7097"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/09"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:dreamweaver"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("adobe_dreamweaver_installed.nasl"); script_require_keys("installed_sw/Adobe Dreamweaver"); exit(0); } include("vcf.inc"); include("vcf_extras.inc"); app_info = vcf::get_app_info(app:"Adobe Dreamweaver"); constraints = [ { "fixed_version" : "18.2.1" }, { "min_version" : "19", "fixed_version" : "19.1" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

References

https://helpx.adobe.com/security/products/dreamweaver/apsb19-21.html