Vulnerabilites related to autodesk - maya
CVE-2022-42947 (GCVE-0-2022-42947)
Vulnerability from cvelistv5
Published
2022-12-19 00:00
Modified
2025-04-17 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bound Write
Summary
A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk Maya |
Version: 2023, 2022 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:45:09.049518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:45:50.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Maya",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-42947",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:45:50.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4605 (GCVE-0-2025-4605)
Vulnerability from cvelistv5
Published
2025-06-11 13:53
Modified
2025-08-19 13:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Summary
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | USD for Maya |
Version: Maya USD 0.31.0 < Maya USD 0.32.0 cpe:2.3:a:autodesk:usd_for_maya:maya_usd_0.31.0:*:*:*:*:*:*:* |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:02:40.218311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:02:53.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:usd_for_maya:maya_usd_0.31.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "USD for Maya",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "Maya USD 0.32.0",
"status": "affected",
"version": "Maya USD 0.31.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:usd_for_3ds_max:max_usd_0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "USD for 3ds Max",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "Max USD 0.11",
"status": "affected",
"version": "Max USD 0.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:maya:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Maya",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3.1",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.\u003cbr\u003e"
}
],
"value": "A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:14:48.074Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/Autodesk/maya-usd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Autodesk/3dsmax-usd"
},
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "USD File Parsing Memory Allocation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-4605",
"datePublished": "2025-06-11T13:53:51.204Z",
"dateReserved": "2025-05-12T18:36:16.531Z",
"dateUpdated": "2025-08-19T13:14:48.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42946 (GCVE-0-2022-42946)
Vulnerability from cvelistv5
Published
2022-12-19 00:00
Modified
2025-04-17 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bound Read
Summary
Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk Maya |
Version: 2023, 2022 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:52:51.392745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:54:48.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Maya",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-42946",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:54:48.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-06-11 14:15
Modified
2025-08-19 14:15
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Summary
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | maya | * | |
| autodesk | universal_scene_description | 0.10 | |
| autodesk | universal_scene_description | 0.31.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:maya:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D795C312-49DD-48BF-94A2-06E1A7A6126B",
"versionEndExcluding": "2025.3.1",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:universal_scene_description:0.10:*:*:*:*:3ds_max:*:*",
"matchCriteriaId": "ABD7667F-D90C-440E-9483-578B49B9A9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:universal_scene_description:0.31.0:*:*:*:*:maya:*:*",
"matchCriteriaId": "9EBB5C23-E35F-41B3-B11F-B582EC1C7007",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption."
},
{
"lang": "es",
"value": "Un archivo .usdc manipulado con fines maliciosos, al cargarse a trav\u00e9s de Autodesk Maya, puede forzar una vulnerabilidad de asignaci\u00f3n de memoria incontrolada. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar una denegaci\u00f3n de servicio (DoS) o da\u00f1ar los datos."
}
],
"id": "CVE-2025-4605",
"lastModified": "2025-08-19T14:15:39.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"source": "psirt@autodesk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2025-06-11T14:15:36.847",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://github.com/Autodesk/3dsmax-usd"
},
{
"source": "psirt@autodesk.com",
"url": "https://github.com/Autodesk/maya-usd"
},
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-19 16:15
Modified
2025-04-17 15:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:maya:2023:*:*:*:*:*:*:*",
"matchCriteriaId": "FF27552C-733C-473E-B92A-D52647D552CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Un archivo X_B creado con fines malintencionados, cuando se analiza mediante Autodesk Maya 2023 y 2022, se puede utilizar para escribir m\u00e1s all\u00e1 del b\u00fafer asignado. Esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-42947",
"lastModified": "2025-04-17T15:15:48.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-19T16:15:11.203",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-19 16:15
Modified
2025-04-17 15:15
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:maya:2023:*:*:*:*:*:*:*",
"matchCriteriaId": "FF27552C-733C-473E-B92A-D52647D552CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
},
{
"lang": "es",
"value": "El an\u00e1lisis de un archivo X_B y PRT creado con fines malintencionados puede obligar a Autodesk Maya 2023 y 2022 a leer m\u00e1s all\u00e1 del b\u00fafer asignado. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso actual."
}
],
"id": "CVE-2022-42946",
"lastModified": "2025-04-17T15:15:48.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-19T16:15:11.153",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}