Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-16469Expression Language Injection in Adobe Experience Manager

CWE-917Expression Language Injection4 documents4 sources
Severity
7.5HIGHNVD
EPSS
70.6%
top 1.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe Experience ManagerAdobe Experience Manager
Timeline
PublishedJan 15
Latest updateMay 24

Description

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDadobe/experience_manager6.5.06.5.3.0
CVEListV5adobe/adobe_experience_manager6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-vc62-7qvc-6jg4: Adobe Experience Manager versions 62022-05-24

💥Exploits & PoCs

1
Nuclei
Adobe Experience Manager - Expression Language Injection

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter April 2025
CVE-2019-16469 — Expression Language Injection in Adobe | cvebase