CVE-2022-42343

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.8%
top 25.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe CampaignAdobe Adobe Campaign Classic (acc)
Timeline
PublishedDec 16
Latest updateDec 21

Description

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDadobe/campaign8.0.08.4.2+1
CVEListV5adobe/adobe_campaign_classic_(acc)unspecified7.3.1+2

🔴Vulnerability Details

2
GHSA
GHSA-m9gf-7pr5-72cf: Adobe Campaign version 72022-12-21
CVEList
Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read2022-12-19
CVE-2022-42343 (MEDIUM CVSS 6.5) | Adobe Campaign version 7.3.1 (and e | cvebase.io