CVE-2022-42351Incorrect Authorization in Adobe Experience Manager

CWE-863Incorrect Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 57.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Experience ManagerAdobe Experience Manager Cloud Service
Timeline
PublishedDec 16
Latest updateDec 21

Description

Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to disclose low level confidentiality information. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDadobe/experience_manager< 6.5.15.0
CVEListV5adobe/experience_managerunspecified6.5.14.0+1

🔴Vulnerability Details

2
GHSA
GHSA-cq2j-c37j-79hh: Adobe Experience Manager version 62022-12-21
CVEList
AEM Incorrect Authorization Security feature bypass2022-12-19
CVE-2022-42351 — Incorrect Authorization in Adobe | cvebase