Vulnerability Description
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat Dc | >= 15.006.30060, <= 15.006.30417 |
| Adobe | Acrobat Reader Dc | >= 15.006.30060, <= 15.006.30417 |
| Apple | Mac Os X | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1040920Third Party AdvisoryVDB Entry
- https://helpx.adobe.com/security/products/acrobat/apsb18-09.htmlPatchVendor Advisory
- http://www.securitytracker.com/id/1040920Third Party AdvisoryVDB Entry
- https://helpx.adobe.com/security/products/acrobat/apsb18-09.htmlPatchVendor Advisory
FAQ
What is CVE-2018-4995?
CVE-2018-4995 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could le...
How severe is CVE-2018-4995?
CVE-2018-4995 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-4995?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat Dc, Adobe Acrobat Reader Dc, Apple Mac Os X, Microsoft Windows.