← back
CVE-2024-45137

InDesign Desktop | Unrestricted Upload of File with Dangerous Type (CWE-434)

CVSS 7.8 HIGHEPSS 0.3%CWE-434
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
09 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Adobe · InDesign Desktop