{"containers": {"cna": {"affected": [{"product": "After Effects", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "18.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-05-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "Uncontrolled Search Path Element (CWE-427)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-28T13:49:07.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe After Effects uncontrolled search path element vulnerability could lead to remote code execution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-05-11T23:00:00.000Z", "ID": "CVE-2021-28570", "STATE": "PUBLIC", "TITLE": "Adobe After Effects uncontrolled search path element vulnerability could lead to remote code execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "After Effects", "version": {"version_data": [{"version_affected": "<=", "version_value": "18.1"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction."}]}, "impact": {"cvss": {"attackComplexity": "High", "attackVector": "Network", "availabilityImpact": "High", "baseScore": 8.3, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "None", "scope": "Changed", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uncontrolled Search Path Element (CWE-427)"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html", "refsource": "MISC", "url": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:47:32.672Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:18:54.471810Z", "id": "CVE-2021-28570", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T19:40:21.456Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-28570", "datePublished": "2021-06-28T13:49:08.011Z", "dateReserved": "2021-03-16T00:00:00.000Z", "dateUpdated": "2025-04-23T19:40:21.456Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:47:32.672Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-28570", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-23T13:18:54.471810Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:18:55.752Z"}}], "cna": {"title": "Adobe After Effects uncontrolled search path element vulnerability could lead to remote code execution", "source": {"discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Adobe", "product": "After Effects", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "18.1"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "None"}]}], "datePublic": "2021-05-11T00:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path Element (CWE-427)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2021-06-28T13:49:07.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Changed", "version": "3.1", "baseScore": 8.3, "attackVector": "Network", "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "High", "userInteraction": "Required", "attackComplexity": "High", "availabilityImpact": "High", "privilegesRequired": "None", "confidentialityImpact": "High"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "18.1", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}]}, "product_name": "After Effects"}]}, "vendor_name": "Adobe"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html", "name": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uncontrolled Search Path Element (CWE-427)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-28570", "STATE": "PUBLIC", "TITLE": "Adobe After Effects uncontrolled search path element vulnerability could lead to remote code execution", "ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-05-11T23:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2021-28570", "state": "PUBLISHED", "dateUpdated": "2025-04-23T19:40:21.456Z", "dateReserved": "2021-03-16T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2021-06-28T13:49:08.011Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF0289BA-BF12-46CA-8218-1A86047A6744", "versionEndIncluding": "18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction."}, {"lang": "es", "value": "Adobe After Effects versiones18.1 (y anteriores) est\u00e1 afectada por una vulnerabilidad de elemento de Ruta de B\u00fasqueda No Controlada. Un atacante no autenticado podr\u00eda explotar esto para plantar binarios personalizados y ejecutarlos con permisos System. Una explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario"}], "id": "CVE-2021-28570", "lastModified": "2024-11-21T05:59:52.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "psirt@adobe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-28T14:15:10.340", "references": [{"source": "psirt@adobe.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}