CVE-2021-44714

LOW
Published Jan 14, 20224y ago · Modified Jun 17, 20262w ago
3.3 CVSS 3.1
Low
Find Similar
Published Jan 14, 2022 4y ago
Last Modified Jun 17, 2026 2w ago

Description

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file.

CVSS Details

Base Score
3.3
Exploitability
1.8
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-657

Affected Products 12

VendorProductVersionRange
adobeacrobat_dc*≥15.008.20082  –  ≤21.007.20099
adobeacrobat_reader_dc*≥15.008.20082  –  ≤21.007.20099
microsoftwindows*any
adobeacrobat*≥17.011.30059  –  ≤17.011.30204
adobeacrobat*≥20.001.30005  –  ≤20.004.30017
adobeacrobat_reader*≥17.011.30059  –  ≤17.011.30204
adobeacrobat_reader*≥20.001.30005  –  ≤20.004.30017
applemacos*any
microsoftwindows*any
adobeacrobat_dc*≥15.008.20082  –  ≤21.007.20099
adobeacrobat_reader_dc*≥15.008.20082  –  ≤21.007.20099
applemacos*any

References 1

  • helpx.adobe.com https://helpx.adobe.com/security/products/acrobat/apsb22-01.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.