CVE-2021-28581

HIGH

Adobe Creative Cloud < 5.3 - Uncontrolled Search Path

Title source: rule

Description

Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/creative-cloud/apsb21-31.html

Scores

CVSS v3 7.3

EPSS 0.0011

EPSS Percentile 30.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

adobe/creative_cloud < 5.3

Timeline

Published Sep 08, 2021

Tracked Since Feb 18, 2026