Skip to main content

Lightroom CVE-2020-24447

HIGH
Uncontrolled Search Path Element (CWE-427)
2020-12-11 psirt@adobe.com
7.0
CVSS 3.1 · Vendor: adobe
Share

Severity by source

Vendor (adobe) PRIMARY
7.0 HIGH
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (adobe) · only source for this CVE.

CVSS VectorVendor: adobe

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 11, 2020 - 03:15 cve.org
HIGH 7.0

DescriptionCVE.org

Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Technical ContextAI

This vulnerability is classified under CWE-427. Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Affected products include: Adobe Lightroom. Version information: version 10.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2020-24447 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy