CVE-2020-9733

CWE-200 — Information Exposure CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Adobe Experience Manager Forms

Timeline

PublishedSep 10

Latest updateMay 24

Description

An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5adobe/experience_managerunspecified — 6.5.5.0+2

▶NVDadobe/experience_manager6.3.0.0 — 6.3.3.8+3

▶NVDadobe/experience_manager_forms6.4.8.1, 6.5.5.0+1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-wrr9-hwhq-cmwg: An AEM java servlet in AEM versions 6↗2022-05-24

▶

CVEList

Sensitive information disclosure possible in AEM↗2020-09-10

▶