Bulletin ID
Security update available for Adobe ops-cli | APSB21-88
|
Date Published |
Priority |
---|---|---|
APSB21-88 |
October 12, 2021 |
3 |
Summary
Adobe has released an update for Adobe ops-cli. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected versions
Product |
Affected version |
Platform |
Adobe ops-cli |
2.0.4 and earlier versions |
All |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the latest.
Product |
Updated version |
Platform |
Priority rating |
Availability |
Adobe ops-cli |
2.0.5 |
All |
3 |
Vulnerability Details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
---|---|---|---|---|---|
Deserialization of Untrusted Data (CWE-502) |
Arbitrary code execution |
Critical |
9.8 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-40720 |
Acknowledgments
Adobe would like to thank Abhiram V. from UST Global for reporting this issue and for working with Adobe to help protect our customers.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.