What is CVE-2021-28634?

CVE-2021-28634 is a high-severity vulnerability in Adobe Acrobat Reader, classified under OS Command Injection. CVSS score: 8.2/10. Published 2021-08-20.

How severe is CVE-2021-28634?

High severity. CVSS v3 base score is 8.2 out of 10.

RCE in Adobe Acrobat Reader

CVE-2021-28634

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could le…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.036 (88.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Adobe Acrobat Reader — versions unspecified

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

helpx.adobe.com/security/products/acrobat/apsb21-51.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-28634?: CVE-2021-28634 is a high-severity vulnerability in Adobe Acrobat Reader, classified under OS Command Injection. CVSS score: 8.2/10. Published 2021-08-20.
How severe is CVE-2021-28634?: High severity. CVSS v3 base score is 8.2 out of 10.