What is CVE-2022-23202?

CVE-2022-23202 is a high-severity vulnerability in Adobe Creative Cloud (Desktop Component), classified under Uncontrolled Search Path Element. CVSS score: 7.0/10. Published 2022-02-16.

How severe is CVE-2022-23202?

High severity. CVSS v3 base score is 7.0 out of 10.

Is CVE-2022-23202 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Adobe Creative Cloud (Desktop Component)

CVE-2022-23202

Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…

EPSS: 0.073 (91.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Adobe Creative Cloud (Desktop Component) — versions unspecified

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

Public proof-of-concept exploits

References

helpx.adobe.com/security/products/creative-cloud/apsb22-11.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-23202?: CVE-2022-23202 is a high-severity vulnerability in Adobe Creative Cloud (Desktop Component), classified under Uncontrolled Search Path Element. CVSS score: 7.0/10. Published 2022-02-16.
How severe is CVE-2022-23202?: High severity. CVSS v3 base score is 7.0 out of 10.
Is CVE-2022-23202 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.