Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0956Sensitive Information Exposure in Adobe Experience Manager

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
13.3%
top 5.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Experience Manager
Timeline
PublishedFeb 10
Latest updateMay 14

Description

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDadobe/experience_manager5.6.1, 6.0.0, 6.1.0+2

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
OSV
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post2022-05-14
GHSA
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure2016-02-10
CVE-2016-0956 — Sensitive Information Exposure in Adobe | cvebase