cnvd - cnvd-2019-39535

cnvd-2019-39535

Vulnerability from cnvd

Title: Adobe Creative Cloud Desktop Application安全绕过漏洞（CNVD-2019-39535）

Description:

Adobe Creative Cloud Desktop Application是美国奥多比（Adobe）公司的一套用于在Creative云会员管理中心管理应用程序和服务的应用程序。该程序支持同步和共享文件、管理字体以及访问商业摄影和设计的资产库。

基于Windows和macOS平台的Creative Cloud Desktop Application 4.6.1及之前版本中存在安全绕过漏洞，攻击者可利用该漏洞提升权限。

Severity: 高

Patch Name: Adobe Creative Cloud Desktop Application安全绕过漏洞（CNVD-2019-39535）的补丁

Patch Description:

基于Windows和macOS平台的Creative Cloud Desktop Application 4.6.1及之前版本中存在安全绕过漏洞，攻击者可利用该漏洞提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html

Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-8236

Impacted products

Name
Adobe Creative Cloud Desktop Application <=4.6.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8236"
    }
  },
  "description": "Adobe Creative Cloud Desktop Application\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5728Creative\u4e91\u4f1a\u5458\u7ba1\u7406\u4e2d\u5fc3\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u652f\u6301\u540c\u6b65\u548c\u5171\u4eab\u6587\u4ef6\u3001\u7ba1\u7406\u5b57\u4f53\u4ee5\u53ca\u8bbf\u95ee\u5546\u4e1a\u6444\u5f71\u548c\u8bbe\u8ba1\u7684\u8d44\u4ea7\u5e93\u3002\n\n\u57fa\u4e8eWindows\u548cmacOS\u5e73\u53f0\u7684Creative Cloud Desktop Application 4.6.1\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-39535",
  "openTime": "2019-11-07",
  "patchDescription": "Adobe Creative Cloud Desktop Application\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5728Creative\u4e91\u4f1a\u5458\u7ba1\u7406\u4e2d\u5fc3\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u652f\u6301\u540c\u6b65\u548c\u5171\u4eab\u6587\u4ef6\u3001\u7ba1\u7406\u5b57\u4f53\u4ee5\u53ca\u8bbf\u95ee\u5546\u4e1a\u6444\u5f71\u548c\u8bbe\u8ba1\u7684\u8d44\u4ea7\u5e93\u3002\r\n\r\n\u57fa\u4e8eWindows\u548cmacOS\u5e73\u53f0\u7684Creative Cloud Desktop Application 4.6.1\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Creative Cloud Desktop Application\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2019-39535\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Creative Cloud Desktop Application \u003c=4.6.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-8236",
  "serverity": "\u9ad8",
  "submitTime": "2019-10-24",
  "title": "Adobe Creative Cloud Desktop Application\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2019-39535\uff09"
}

CVE-2019-8236 (GCVE-0-2019-8236)

Vulnerability from cvelistv5

Published

2019-10-23 20:46

Modified

2024-08-04 21:17

Severity ?

CWE

Security Bypass

Summary

Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

References

▼	URL	Tags
	https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Adobe Creative Cloud Desktop application	Version: Creative Cloud Desktop Application version 4.6.1 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:30.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Creative Cloud Desktop application",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Creative Cloud Desktop Application version 4.6.1 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-23T20:46:53",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2019-8236",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Creative Cloud Desktop application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Creative Cloud Desktop Application version 4.6.1 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2019-8236",
    "datePublished": "2019-10-23T20:46:53",
    "dateReserved": "2019-02-12T00:00:00",
    "dateUpdated": "2024-08-04T21:17:30.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted