#VU59425 Improper access control
Vulnerability identifier: #VU59425
Vulnerability risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Adobe Acrobat
Client/Desktop applications /
Office applications
Adobe Reader
Client/Desktop applications /
Office applications
Vendor: Adobe
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can trick the victim to open a specially crafted PDF file, bypass implemented security restrictions and gain access to sensitive information.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Adobe Acrobat: 2020.001.30020 - 2020.013.20074, 2021.001.20135 - 2021.007.20099, 2017.008.30051 - 2017.011.30204, 2015.006.30503 - 2015.006.30527
Adobe Reader: 2020.001.30020 - 2020.013.20074, 2021.001.20135 - 2021.007.20099, 2017.011.30156 - 2017.011.30204, 2015.006.30508 - 2015.006.30523
CPE
- cpe:2.3:a:adobe:adobe_acrobat:2020.004.30017:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.007.20099:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.007.20096:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.007.20095:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.007.20091:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.004.30015:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.005.20060:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.005.20058:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.004.30006:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.005.20054:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.005.20148:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.004.30005:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.001.20155:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.001.30025:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.001.20150:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.001.20149:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.001.30020:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2021.001.20135:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.013.20074:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.013.20066:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.013.20064:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.012.20048:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.012.20041:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.009.20074:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.009.20063:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.006.20042:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2020.006.20034:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.004.30017:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.007.20099:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.007.20096:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.007.20095:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.007.20091:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.004.30015:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.005.20060:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.005.20058:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.004.30006:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.005.20054:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.005.20148:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.004.30005:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.001.20155:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.001.30025:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.001.20150:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.001.20149:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.001.30020:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2021.001.20135:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.013.20074:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.013.20066:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.013.20064:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.012.20048:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.012.20041:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.009.20074:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.009.20063:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.006.20042:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2020.006.20034:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30204:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30202:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30199:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30196:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30194:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30190:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30180:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2015.006.30527:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30175:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2015.006.30523:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30171:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30166:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2015.006.30518:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2015.006.30510:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30158:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2015.006.30508:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30156:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2015.006.30505:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30150:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30148:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2015.006.30504:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2015.006.30503:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30127:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30120:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30105:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30102:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30096:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30078:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30070:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30068:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.011.30066:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:2017.008.30051:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30204:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30202:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30199:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30196:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30194:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30190:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30180:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30171:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2015.006.30523:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2015.006.30510:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30158:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2015.006.30508:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:2017.011.30156:*:*:*:*:*:*:*
External links
http://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
