Details of VAR-202112-0753

ID

VAR-202112-0753

CVE

CVE-2021-44231

TITLE

Adobe After Effects Code injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-1098

DESCRIPTION

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Trust: 1.0

sources: NVD: CVE-2021-44231

AFFECTED PRODUCTS

vendor:	sap	model:	abap platform	scope:	eq	version:	754	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	753	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	755	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	750	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	740	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	804	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	754	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	755	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	740	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	756	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	751	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	750	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	752	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	756	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	751	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	752	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	701	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	753	Trust: 1.0
vendor:	sap	model:	abap platform	scope:	eq	version:	804	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	701	Trust: 1.0

sources: NVD: CVE-2021-44231

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-44231
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202112-1098
value:	CRITICAL
Trust: 0.6

NVD:	CVE-2021-44231
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0

NVD:	CVE-2021-44231
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202112-1098 // NVD: CVE-2021-44231

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.0

sources: NVD: CVE-2021-44231

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-1098

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-1098

CONFIGURATIONS

sources: NVD: CVE-2021-44231

PATCH

title:

Adobe After Effects Fixes for code injection vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175556

Trust: 0.6

sources: CNNVD: CNNVD-202112-1098

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44231	Trust: 1.6
db:	CNNVD	id:	CNNVD-202112-1098	Trust: 0.6

sources: CNNVD: CNNVD-202112-1098 // NVD: CVE-2021-44231

REFERENCES

url:	https://launchpad.support.sap.com/#/notes/3119365	Trust: 1.6
url:	https://wiki.scn.sap.com/wiki/display/psr/sap+security+patch+day+-+december+2021	Trust: 1.6
url:	https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-37068	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44231	Trust: 0.6

sources: CNNVD: CNNVD-202112-1098 // NVD: CVE-2021-44231

SOURCES

db:	CNNVD	id:	CNNVD-202112-1098
db:	NVD	id:	CVE-2021-44231

LAST UPDATE DATE

2022-05-04T09:41:50.287000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202112-1098	date:	2021-12-22T00:00:00
db:	NVD	id:	CVE-2021-44231	date:	2021-12-17T18:59:00

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202112-1098	date:	2021-12-14T00:00:00
db:	NVD	id:	CVE-2021-44231	date:	2021-12-14T16:15:00