CVE-2021-28568

MEDIUM

Adobe Genuine Service < 7.1 - Exposure to Wrong Actor

Title source: rule

Description

Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/integrity_service/apsb21-27.html

Scores

CVSS v3 5.8

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Classification

CWE

CWE-379 CWE-668

Status published

Affected Products (1)

adobe/genuine_service < 7.1

Timeline

Published Sep 08, 2021

Tracked Since Feb 18, 2026