{"api_version":"1","generated_at":"2026-05-06T16:57:54+00:00","cve":"CVE-2021-39827","urls":{"html":"https://cve.report/CVE-2021-39827","api":"https://cve.report/api/cve/CVE-2021-39827.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-39827","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-39827"},"summary":{"title":"CVE-2021-39827","description":"Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.","state":"PUBLIC","assigner":"psirt@adobe.com","published_at":"2021-09-27 16:15:00","updated_at":"2021-11-18 16:06:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html","name":"https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html","refsource":"MISC","tags":[],"title":"Adobe Security Bulletin","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-39827","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39827","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"39827","vulnerable":"1","versionEndIncluding":"4.5.11.187646","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"digital_editions","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"39827","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-39827","qid":"375859","title":"Adobe Digital Editions Multiple Vulnerabilities (APSB21-80)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@adobe.com","DATE_PUBLIC":"2021-09-14T23:00:00.000Z","ID":"CVE-2021-39827","STATE":"PUBLIC","TITLE":"Adobe Digital Editions Installer flaw leads to Arbitrary File System Write"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Digital Editions","version":{"version_data":[{"version_affected":"<=","version_value":"4.5.11.187646"},{"version_affected":"<=","version_value":"None"},{"version_affected":"<=","version_value":"None"},{"version_affected":"<=","version_value":"None"}]}}]},"vendor_name":"Adobe"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability."}]},"impact":{"cvss":{"attackComplexity":"Low","attackVector":"Local","availabilityImpact":"High","baseScore":6.5,"baseSeverity":"Medium","confidentialityImpact":"High","integrityImpact":"High","privilegesRequired":"High","scope":"Unchanged","userInteraction":"Required","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html","name":"https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-09-27 16:15:00","lastModifiedDate":"2021-11-18 16:06:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.6,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.11.187646","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"39827","Ordinal":"215533","Title":"CVE-2021-39827","CVE":"CVE-2021-39827","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"39827","Ordinal":"1","NoteData":"Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"39827","Ordinal":"2","NoteData":"2021-09-27","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"39827","Ordinal":"3","NoteData":"2021-09-27","Type":"Other","Title":"Modified"}]}}}