CVE-2021-21009

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
8.6HIGH
EPSS
0.8%
top 25.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe CampaignAdobe Campaign Classic
Timeline
PublishedJan 13
Latest updateMay 24

Description

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

NVDadobe/campaign_classic19.219.2.3+5
CVEListV5adobe/campaignunspecified20.3.1 and earlier+5

🔴Vulnerability Details

2
GHSA
GHSA-63w7-2rqx-q97m: Adobe Campaign Classic Gold Standard 10 (and earlier), 202022-05-24
CVEList
Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure2021-01-13
CVE-2021-21009 (HIGH CVSS 8.6) | Adobe Campaign Classic Gold Standar | cvebase.io