PT-2021-6626 · Adobe · Adobe Creative Cloud Desktop Application
Published
2021-03-09
·
Updated
2022-08-02
·
CVE-2021-28547
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier)
Description
The issue is related to insufficient input validation in the Adobe Creative Cloud Desktop Application, which could allow an attacker to escalate privileges. This could enable a normal user to delete the OOBE directory and gain permissions to any directory under the administrator authority.
Recommendations
For Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier), consider restricting access to sensitive directories until a patch is available.
As a temporary workaround, avoid using the application with elevated privileges until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adobe Creative Cloud Desktop Application