Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-21055

Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.

Published

2021-02-11T21:15:13.383

Last Modified

2024-11-21T05:47:28.797

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-426

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	dreamweaver	≤ 20.2	Yes
Application	adobe	dreamweaver	21.0	Yes
Operating System	apple	macos	-	No
Operating System	microsoft	windows	-	No

References

https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html Vendor Advisory ([email protected])
https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)