Information Disclosure Vulnerability in Autodesk Inventor Products
CVE-2021-40159

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Inventor
Vendor: CVE Published:; 25 January 2022

What is CVE-2021-40159?

An information disclosure flaw exists in Autodesk Inventor, specifically impacting the processing of JT files. This vulnerability has the potential to expose sensitive information and may allow attackers to execute malicious code if a user opens a specially crafted JT file within the application. Users of Autodesk Inventor 2019 through 2022 are advised to apply relevant security updates to mitigate any potential risks. For further details, refer to the security advisories provided by Autodesk and Zero Day Initiative.

Affected Version(s)

Inventor 2022, 2021, 2020, 2019

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

https://www.zerodayinitiative.com/advisories/ZDI-22-282/

https://www.zerodayinitiative.com/advisories/ZDI-22-289/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Aug 27, 2021