Vulnerabilities > CVE-2021-28613 - Creation of Temporary File in Directory with Incorrect Permissions vulnerability in Adobe Creative Cloud Desktop Application

CVSS 7.4 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

adobe

CWE-379

NVD

Published: 2021-09-27

Updated: 2022-02-04

Summary

Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Creative Cloud Desktop Application - Adobe Creative Cloud Desktop Application 2.4 Adobe Creative Cloud Desktop Application 2.5 Adobe Creative Cloud Desktop Application 2.7.0.13 Adobe Creative Cloud Desktop Application 5.1 Adobe Creative Cloud Desktop Application 5.2 Adobe Creative Cloud Desktop Application 5.4	7
OS	Apple Apple Macos -	1

Common Weakness Enumeration (CWE)

CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions

References

https://helpx.adobe.com/security/products/creative-cloud/apsb21-76.html