{"containers": {"cna": {"affected": [{"product": "Digital Editions", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "4.5.11.187646", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-09-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-379", "description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-27T15:43:26.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe Digital Editions Installer flaw leads to Local Privilege Escalation", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39828", "STATE": "PUBLIC", "TITLE": "Adobe Digital Editions Installer flaw leads to Local Privilege Escalation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Digital Editions", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.5.11.187646"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "None", "baseScore": 5.8, "baseSeverity": "Medium", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:20:33.291Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:16:38.081984Z", "id": "CVE-2021-39828", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T19:27:15.236Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-39828", "datePublished": "2021-09-27T15:43:26.854Z", "dateReserved": "2021-08-23T00:00:00.000Z", "dateUpdated": "2025-04-23T19:27:15.236Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:20:33.291Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-39828", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-23T13:16:38.081984Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:16:39.549Z"}}], "cna": {"title": "Adobe Digital Editions Installer flaw leads to Local Privilege Escalation", "source": {"discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Adobe", "product": "Digital Editions", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "4.5.11.187646"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "None"}]}], "datePublic": "2021-09-14T00:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-379", "description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2021-09-27T15:43:26.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Unchanged", "version": "3.1", "baseScore": 5.8, "attackVector": "Local", "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "High", "userInteraction": "Required", "attackComplexity": "Low", "availabilityImpact": "None", "privilegesRequired": "High", "confidentialityImpact": "High"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.5.11.187646", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}]}, "product_name": "Digital Editions"}]}, "vendor_name": "Adobe"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html", "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-39828", "STATE": "PUBLIC", "TITLE": "Adobe Digital Editions Installer flaw leads to Local Privilege Escalation", "ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-09-14T23:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2021-39828", "state": "PUBLISHED", "dateUpdated": "2025-04-23T19:27:15.236Z", "dateReserved": "2021-08-23T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2021-09-27T15:43:26.854Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*", "matchCriteriaId": "1272DDA4-6B2D-449C-9BC7-76007414C82C", "versionEndIncluding": "4.5.11.187646", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability."}, {"lang": "es", "value": "Adobe Digital Editions versiones 4.5.11.187646 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de escalada de privilegios en el instalador de Digital Editions. Un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad para escalar privilegios. Es requerida una interacci\u00f3n del usuario antes de la instalaci\u00f3n del producto para abusar de esta vulnerabilidad"}], "id": "CVE-2021-39828", "lastModified": "2024-11-21T06:20:19.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.2, "source": "psirt@adobe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-27T16:15:10.247", "references": [{"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-379"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}