CVE-2016-7885Cross-Site Request Forgery in Adobe Experience Manager

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
OSV5.5
EPSS
1.2%
top 21.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex Jbig2decAdobe Experience Manager
Timeline
PublishedDec 15
Latest updateMay 17

Description

Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Ubuntuartifex/jbig2dec< 0.11+20120125-1ubuntu1.1+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-fqfx-pf4p-4w43: Adobe Experience Manager versions 62022-05-17
OSV
jbig2dec vulnerabilities2017-05-24
CVE-2016-7885 — Cross-Site Request Forgery in Adobe | cvebase