← volver
CVE-2024-49535

Acrobat Reader | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

CVSS 6.3 MEDIUMEPSS 0.4%CWE-611
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
10 dic 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Productos afectados
Adobe · Acrobat Reader

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://helpx.adobe.com/security/products/acrobat/apsb24-92.html