CVE-2024-41865

HIGH

Adobe Dimension < 3.4.11 - Untrusted Search Path

Title source: rule

Description

Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/dimension/apsb24-47.html

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 48.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-426

Status published

Products (1)

adobe/dimension < 3.4.11

Published Aug 14, 2024

Tracked Since Feb 18, 2026