CVE-2022-44488 — Open Redirect in Adobe Experience Manager

CWE-601 — Open Redirect3 documents3 sources

Severity

5.4MEDIUMNVD

CNA3.5

EPSS

0.4%

top 38.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Adobe Experience Manager Cloud Service

Timeline

PublishedDec 19

Latest updateDec 21

Description

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDadobe/experience_manager< 6.5.15.0

▶NVDadobe/experience_manager_cloud_service< 2022.10.0

▶CVEListV5adobe/experience_managerunspecified — 6.5.14.0+1

🔴Vulnerability Details

CVEList

AEM URL Redirection to Untrusted Site Security feature bypass↗2022-12-21

▶

GHSA

GHSA-pr9x-x3m8-8fgx: Adobe Experience Manager version 6↗2022-12-19

▶