CVE-2024-32488 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
foxit	pdf_editor	𝑥 < 10.1.12.37872
foxit	pdf_editor	11.0.0 ≤ 𝑥 < 11.2.8.53842
foxit	pdf_editor	12.0.0 ≤ 𝑥 < 12.1.4.15400
foxit	pdf_editor	13.0.0 ≤ 𝑥 < 13.0.1.21693
foxit	pdf_editor	2023.1.0.15510 ≤ 𝑥 < 2023.3.0.23028
foxit	pdf_reader	𝑥 < 2023.3.0.23028

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-280 - Improper Handling of Insufficient Permissions or Privileges
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.

References

https://www.foxit.com/support/security-bulletins.html

https://www.foxit.com/support/security-bulletins.html