CVE-2023-48608 — Improper Input Validation in Adobe Experience Manager

CWE-20 — Improper Input Validation2 documents2 sources

Severity

3.5LOWNVD

EPSS

0.6%

top 31.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Adobe Experience Manager

Timeline

PublishedDec 15

Description

Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶NVDadobe/experience_manager6.5.18

▶CVEListV5adobe/adobe_experience_manager6.5.18

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-hh8c-hj2c-p9pw: Adobe Experience Manager versions 6↗2023-12-15

▶