Vulnerability CVE-2019-7847


Published: 2019-07-18

Description:
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user.

Type:

CWE-611

(Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Adobe -> Campaign 

 References:
https://helpx.adobe.com/security/products/campaign/apsb19-28.html

Copyright 2020, cxsecurity.com

 

Back to Top