PT-2022-18907 · Adobe · Acrobat Reader
Published: 2022-04-12 · Updated: 2022-05-19 · CVE-2022-28244
CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Acrobat Reader DC versions 22.001.20085 and earlier
Acrobat Reader DC versions 20.005.3031x and earlier
Acrobat Reader DC versions 17.012.30205 and earlier
Description
The issue is a violation of secure design principles that allows the content security policy to be bypassed. An attacker could use it to send arbitrarily configured requests to a cross-origin target domain. Exploitation requires user interaction: the victim needs to access a crafted PDF file on an attacker's server.
Recommendations
For versions 22.001.20085 and earlier, update to a version that addresses the secure design principles violation.
For versions 20.005.3031x and earlier, update to a version that addresses the secure design principles violation.
For versions 17.012.30205 and earlier, update to a version that addresses the secure design principles violation.
As a temporary workaround, consider restricting access to crafted PDF files from untrusted sources until a patch is available.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader