CVE-2021-28626 — Improper Authorization in Adobe Experience Manager

CWE-285 — Improper Authorization CWE-287 — Improper Authentication2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager

Timeline

PublishedAug 24

Latest updateMay 24

Description

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5adobe/experience_managerunspecified — 6.5.8.0

▶NVDadobe/experience_manager6.5.8.0

🔴Vulnerability Details

GHSA

GHSA-7c6q-7j7v-99c4: Adobe Experience Manager Cloud Service offering, as well as versions 6↗2022-05-24

▶