CVE-2018-15967

high-risk

Published 2018-09-25

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.

Do I need to act?

9.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (7)

Flash Player Desktop Runtime

Flash Player

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Affected Vendors

Redhat Adobe

References (8)

Third Party Advisory http://www.securityfocus.com/bid/105315

Third Party Advisory http://www.securitytracker.com/id/1041620

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2707

Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb18-31.html

Third Party Advisory http://www.securityfocus.com/bid/105315

Third Party Advisory http://www.securitytracker.com/id/1041620

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2707

Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb18-31.html

/ 100

high-risk

Severity 26/34 · High

Exploitability 11/34 · Low

Exposure 14/34 · Moderate