How severe is CVE-2022-28244?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2022-28244?

This is classified as CWE-657, which is a common weakness in software security.

CVE-2022-28244 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain. Exploitation requires user interaction in which the victim needs to access a crafted PDF file on an attacker's server.

Related Vulnerabilities

CVE-2019-5478

MEDIUM

CVSS:5.5(Medium)

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boo...

CWE-6572019

CVE-2021-36061

MEDIUM

CVSS:5.4(Medium)

Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability t...

CWE-6572021

CVE-2017-6032

MEDIUM

CVSS:5.3(Medium)

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-fo...

CWE-6572017

CVE-2020-8133

MEDIUM

CVSS:5.3(Medium)

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.

CWE-6572020

CVE-2022-30683

MEDIUM

CVSS:5.3(Medium)

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism...

CWE-6572022

CVE-2023-52714

HIGH

CVSS:7.5(High)

Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CWE-6572023