CVE-2023-48441 — Improper Access Control in Adobe Experience Manager

CWE-284 — Improper Access Control2 documents2 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 63.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Adobe Experience Manager

Timeline

PublishedDec 15

Description

Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDadobe/experience_manager6.5.18.0

▶CVEListV5adobe/adobe_experience_manager6.5.18

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-3x54-hx35-g26f: Adobe Experience Manager versions 6↗2023-12-15

▶