CVE-2021-28627Server-Side Request Forgery in Adobe Experience Manager

CWE-918Server-Side Request Forgery2 documents2 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 37.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Experience Manager
Timeline
PublishedAug 24
Latest updateMay 24

Description

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/experience_managerunspecified6.5.8.0

🔴Vulnerability Details

1
GHSA
GHSA-h4cp-xwqq-m567: Adobe Experience Manager Cloud Service offering, as well as versions 62022-05-24
CVE-2021-28627 — Server-Side Request Forgery in Adobe | cvebase