CVE-2021-43762 — Improper Input Validation in Adobe Experience Manager

CWE-20 — Improper Input Validation2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

2.3%

top 15.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager

Timeline

PublishedJan 13

Latest updateJan 14

Description

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5adobe/experience_managerunspecified — 6.5.10.0

▶NVDadobe/experience_manager6.5.10.0

🔴Vulnerability Details

GHSA

GHSA-qr5v-fwp7-vh85: AEM's Cloud Service offering, as well as version 6↗2022-01-14

▶