CVE-2020-24444 — Server-Side Request Forgery in Adobe Experience Manager Forms Add-on

CWE-918 — Server-Side Request Forgery2 documents2 sources

Severity

5.8MEDIUMNVD

EPSS

0.6%

top 30.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Adobe Experience Manager Forms Add-on

Timeline

PublishedDec 10

Latest updateMay 24

Description

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDadobe/experience_manager_forms_add-on6.4.8.2, 6.5.6.0+1

▶CVEListV5adobe/experience_managerForms SP6 add-on for AEM 6.5.6.0

🔴Vulnerability Details

GHSA

GHSA-w7cr-rvwx-67q2: AEM Forms SP6 add-on for AEM 6↗2022-05-24

▶