CVE-2019-7847

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

7.5HIGH

EPSS

1.2%

top 21.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Campaign

Timeline

PublishedJul 18

Latest updateMay 24

Description

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDadobe/campaign18.10.5.8984

▶CVEListV5adobe_campaignAdobe Campaign Classic 18.10.5-8984 and earlier versions

🔴Vulnerability Details

GHSA

GHSA-2qp9-4ph2-cj5q: Adobe Campaign Classic version 18↗2022-05-24

▶

CVEList

CVE-2019-7847: Adobe Campaign Classic version 18↗2019-07-18

▶