Description
Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html
Scores
CVSS v3
6.2
EPSS
0.0079
EPSS Percentile
51.2%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-426
Status
published
Products (2)
adobe/dreamweaver
21.0
adobe/dreamweaver
< 20.2
Published
Feb 11, 2021
Tracked Since
Feb 18, 2026