XXE in Adobe Acrobat
CVE-2024-49535
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide mali…
Vulnerability class: XXE (XML External Entity)
EPSS: 0.004 (31.3th percentile).
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.
References
- psirt@adobe.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2024-49535?
- CVE-2024-49535 is a medium-severity vulnerability in Adobe Acrobat, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.3/10. Published 2024-12-10.
- How severe is CVE-2024-49535?
- Medium severity. CVSS v3 base score is 6.3 out of 10.