CVE-2021-28633

MEDIUM

Adobe Creative Cloud Desktop Application - Exposure to Wrong Actor

Title source: rule

Description

Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/creative-cloud/apsb21-41.html

Scores

CVSS v3 6.1

EPSS 0.0010

EPSS Percentile 27.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-379 CWE-668

Status published

Affected Products (1)

adobe/creative_cloud_desktop_application < 2.4

Timeline

Published Aug 24, 2021

Tracked Since Feb 18, 2026