RSS   Podatności dla 'Experience manager'   RSS

2021-11-16
 
CVE-2021-42725

CWE-863
 

 
Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access.

 
2021-09-27
 
CVE-2021-40711

CWE-79
 

 

 
 
CVE-2021-40712

CWE-20
 

 
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.

 
 
CVE-2021-40713

CWE-295
 

 
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information.

 
 
CVE-2021-40714

CWE-79
 

 
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser

 
2021-08-24
 
CVE-2021-28625

CWE-79
 

 

 
 
CVE-2021-28626

CWE-287
 

 
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.

 
 
CVE-2021-28627

CWE-918
 

 
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction.

 
 
CVE-2021-28628

CWE-79
 

 

 
2021-06-28
 
CVE-2021-21083

CWE-284
 

 
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.

 


Copyright 2021, cxsecurity.com

 

Back to Top