Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.
History

Thu, 12 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
Title Git local configuration leading to Arbitrary Code Execution upon opening .ste file Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Tue, 03 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-05-16T11:36:01.484Z

Updated: 2024-12-12T17:22:09.719Z

Reserved: 2024-03-26T16:04:09.510Z

Link: CVE-2024-30314

cve-icon Vulnrichment

Updated: 2024-08-02T01:32:07.020Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-16T12:15:13.280

Modified: 2024-12-12T21:10:42.107

Link: CVE-2024-30314

cve-icon Redhat

No data.