CVE-2021-21045 : Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.

Published 2021-02-11 20:15:16

Updated 2022-10-21 20:11:17

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2021-21045

Adobe » Acrobat Reader » Classic Edition
Versions from including (>=) 17.0 and up to, including, (<=) 17.011.30188
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader » Classic Edition
Versions from including (>=) 20.0 and up to, including, (<=) 20.001.300183
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat » Classic Edition
Versions from including (>=) 20.0 and up to, including, (<=) 20.001.30018
cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat » Classic Edition
Versions from including (>=) 17.0 and up to, including, (<=) 17.011.30188
cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Continuous Edition
Versions up to, including, (<=) 20.013.20074
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader Dc » Continuous Edition
Versions up to, including, (<=) 20.013.20074
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-21045

EPSS FAQ

1.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 75 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-21045

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.2	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H	1.5	6.0	Adobe Systems Incorporated
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-21045

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: psirt@adobe.com (Secondary)

References for CVE-2021-21045

https://helpx.adobe.com/security/products/acrobat/apsb21-09.html

Adobe Security Bulletin
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-21045

Products affected by CVE-2021-21045

Exploit prediction scoring system (EPSS) score for CVE-2021-21045

CVSS scores for CVE-2021-21045

CWE ids for CVE-2021-21045

References for CVE-2021-21045