Adobe Campaign vulnerabilities

CVE-2022-42343 [MEDIUM] CWE-918 CVE-2022-42343: Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Req Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require u

CVE-2021-40745 [HIGH] CWE-22 CVE-2021-40745: Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.

CVE-2021-21009 [HIGH] CWE-918 CVE-2021-21009: Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 2 Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to interna

CVE-2019-7850 [CRITICAL] CWE-77 CVE-2019-7850: Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerabil Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

CVE-2019-7848 [HIGH] CVE-2019-7848: Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control v Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

CVE-2019-7847 [HIGH] CWE-611 CVE-2019-7847: Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user.

CVE-2019-7846 [HIGH] CWE-755 CVE-2019-7846: Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vul Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

CVE-2019-7843 [HIGH] CWE-20 CVE-2019-7843: Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validati Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

CVE-2019-7941 [HIGH] CWE-209 CVE-2019-7941: Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Throug Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

CVE-2017-2989 [CRITICAL] CWE-20 CVE-2017-2989: Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploit Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.

CVE-2017-2968 [CRITICAL] CWE-94 CVE-2017-2968: Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.

CVE-2017-2969 [MEDIUM] CWE-79 CVE-2017-2969: Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability.