Adobe Experience Manager vulnerabilities

CVE-2020-9743 [MEDIUM] CWE-20 CVE-2020-9743: AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and be AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request t

CVE-2020-9734 [MEDIUM] CWE-79 CVE-2020-9734: The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a store The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.

CVE-2020-9645 [HIGH] CWE-918 CVE-2020-9645: Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vu Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2020-9643 [HIGH] CWE-918 CVE-2020-9643: Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerab Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2020-9651 [MEDIUM] CWE-79 CVE-2020-9651: Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerabil Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

CVE-2020-9647 [MEDIUM] CWE-79 CVE-2020-9647: Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerabil Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

CVE-2020-9648 [MEDIUM] CWE-79 CVE-2020-9648: Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Success Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

CVE-2020-9644 [MEDIUM] CWE-79 CVE-2020-9644: Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

CVE-2020-3769 [HIGH] CWE-918 CVE-2020-3769: Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerab Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2020-3741 [HIGH] CWE-400 CVE-2020-3741: Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerabili Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service.

CVE-2019-16469 [HIGH] CWE-917 CVE-2019-16469: Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injec Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-16468 [HIGH] CWE-74 CVE-2019-16468: Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-16467 [MEDIUM] CWE-79 CVE-2019-16467: Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scrip Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-16466 [MEDIUM] CWE-79 CVE-2019-16466: Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scrip Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-8088 [CRITICAL] CWE-77 CVE-2019-8088: Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Succ Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2019-8081 [HIGH] CVE-2019-8081: Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-8082 [HIGH] CWE-611 CVE-2019-8082: Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerabilit Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-8087 [HIGH] CWE-611 CVE-2019-8087: Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnera Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-8086 [HIGH] CWE-611 CVE-2019-8086: Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnera Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVE-2019-8085 [MEDIUM] CWE-79 CVE-2019-8085: Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulner Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.