Flash End of Life #312
Description
Following Adobe's announcement (see below, ref. https://www.adobe.com/products/flashplayer/end-of-life.html) it is proposed to downgrade all Flash-based VRT entries to P5:
Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.
Some users may continue to see reminders from Adobe to uninstall Flash Player from their system.
Here is the list of current entries. Any entries that are not P5 will be subjected to a severity rating downgrade:
P4 - Cross-Site Request Forgery (CSRF) > Flash-Based > High Impact
P5 - Cross-Site Request Forgery (CSRF) > Flash-Based > Low Impact
P4 – Cross-Site Scripting (XSS) > Flash-Based
P4 – Using Components with Known Vulnerabilities > Rosetta Flash
P5 – Server-Side Injection > Content Spoofing > Flash Based External Authentication Injection
P5 – Unvalidated Redirects and Forwards > Open Redirect > Flash-Based