CVE-2021-21083Improper Access Control in Adobe Experience Manager

CWE-284Improper Access Control2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 42.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Experience Manager
Timeline
PublishedJun 28
Latest updateMay 24

Description

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDadobe/experience_manager6.4.0.06.4.8.4+2
CVEListV5adobe/experience_managerunspecified6.3.3.8

🔴Vulnerability Details

1
GHSA
GHSA-mg45-vhfv-wcj4: AEM's Cloud Service offering, as well as versions 62022-05-24
CVE-2021-21083 — Improper Access Control in Adobe | cvebase