漏洞标题
Acrobat Android:过度安全发现:通过攻击者控制的输出文件路径任意文件覆盖
漏洞描述信息
Adobe Acrobat Mobile Sign for Android 版本 24.4.2.33155 及以前版本受到影响的“路径遍历(Improper Limitation of a Pathname to a Restricted Directory)”漏洞可能导致安全功能被绕过。攻击者可能利用此漏洞访问受限目录之外的文件和目录,以及任意文件进行覆盖。利用此问题不需要用户交互,且攻击复杂度较高。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
Acrobat Android : OverSecured Finding : Overwriting arbitrary files via attacker-controlled output file paths
漏洞描述信息
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are outside the restricted directory and also to overwrite arbitrary files. Exploitation of this issue does not requires user interaction and attack complexity is high.
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
Adobe Acrobat Mobile Sign Android 路径遍历漏洞
漏洞描述信息
Adobe Acrobat是美国奥多比(Adobe)公司的一套PDF文件编辑和转换工具。 Adobe Acrobat Mobile Sign Android 24.4.2.33155 版本及之前版本存在路径遍历漏洞,该漏洞源于受到路径名不当限制到受限目录(“路径遍历”)漏洞的影响,该漏洞可能导致安全功能绕过。
CVSS信息
N/A
漏洞类别
路径遍历