Adobe Experience Manager vulnerabilities
1,088 known vulnerabilities affecting adobe/experience_manager.
Total CVEs
1,088
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL11HIGH27MEDIUM1042LOW8
Vulnerabilities
Page 54 of 55
CVE-2018-12807MEDIUMCVSS 5.3≥ 6.1.2.1, ≤ 6.1.2.16≥ 6.2.1.1, ≤ 6.2.1.15+1 more2018-08-29
CVE-2018-12807 [MEDIUM] CWE-20 CVE-2018-12807: Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulner
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification.
nvd
CVE-2018-5006HIGHCVSS 7.5≤ 6.4.02018-07-20
CVE-2018-5006 [HIGH] CWE-918 CVE-2018-5006: Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability.
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
nvd
CVE-2018-12809HIGHCVSS 7.5≤ 6.4.02018-07-20
CVE-2018-12809 [HIGH] CWE-918 CVE-2018-12809: Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability.
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
nvd
CVE-2018-5004HIGHCVSS 7.5≥ 6.2.0, < 6.4.02018-07-20
CVE-2018-5004 [HIGH] CWE-918 CVE-2018-5004: Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Succ
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
nvd
CVE-2018-4930MEDIUMCVSS 6.1≤ 6.3.02018-05-19
CVE-2018-4930 [MEDIUM] CWE-79 CVE-2018-4930: Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerabi
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
nvd
CVE-2018-4929MEDIUMCVSS 6.1≤ 6.2.02018-05-19
CVE-2018-4929 [MEDIUM] CWE-79 CVE-2018-4929: Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vu
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
nvd
CVE-2018-4931MEDIUMCVSS 6.1≤ 6.1.02018-05-19
CVE-2018-4931 [MEDIUM] CWE-79 CVE-2018-4931: Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vu
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
nvd
CVE-2018-4876MEDIUMCVSS 6.1v6.1.0v6.2.0+1 more2018-02-27
CVE-2018-4876 [MEDIUM] CWE-79 CVE-2018-4876: Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a byp
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.
nvd
CVE-2018-4875MEDIUMCVSS 6.1v6.0.0v6.1.02018-02-27
CVE-2018-4875 [MEDIUM] CWE-79 CVE-2018-4875: Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vul
Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.
nvd
CVE-2017-3111HIGHCVSS 7.5v6.1.0v6.2.02017-12-09
CVE-2017-3111 [HIGH] CWE-200 CVE-2017-3111: An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are include
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.
nvd
CVE-2017-3109MEDIUMCVSS 6.1v6.0.0v6.1.0+2 more2017-12-09
CVE-2017-3109 [MEDIUM] CWE-79 CVE-2017-3109: An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.
nvd
CVE-2017-11296MEDIUMCVSS 6.1v6.0.0v6.1.0+2 more2017-12-09
CVE-2017-11296 [MEDIUM] CWE-79 CVE-2017-11296: An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulne
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
nvd
CVE-2017-3108CRITICALCVSS 9.8≤ 6.22017-08-11
CVE-2017-3108 [CRITICAL] CWE-434 CVE-2017-3108: Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.
nvd
CVE-2017-3110HIGHCVSS 7.5≤ 6.12017-08-11
CVE-2017-3110 [HIGH] CWE-200 CVE-2017-3110: Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.
Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.
nvd
CVE-2017-3107HIGHCVSS 7.5≤ 6.32017-08-11
CVE-2017-3107 [HIGH] CWE-200 CVE-2017-3107: Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
nvd
CVE-2016-7885HIGHCVSS 8.8≤ 6.2.02016-12-15
CVE-2016-7885 [HIGH] CWE-352 CVE-2016-7885: Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-S
Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.
nvd
CVE-2016-6933MEDIUMCVSS 6.1v6.0.0v6.1.0+1 more2016-12-15
CVE-2016-6933 [MEDIUM] CWE-79 CVE-2016-6933: Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.
nvd
CVE-2016-7882MEDIUMCVSS 6.1≤ 6.2.02016-12-15
CVE-2016-7882 [MEDIUM] CWE-79 CVE-2016-7882: Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug fil
Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.
nvd
CVE-2016-7883MEDIUMCVSS 6.1v6.2.02016-12-15
CVE-2016-7883 [MEDIUM] CWE-79 CVE-2016-7883: Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that coul
Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks.
nvd
CVE-2016-7884MEDIUMCVSS 6.1≤ 6.1.02016-12-15
CVE-2016-7884 [MEDIUM] CWE-79 CVE-2016-7884: Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create a
Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.
nvd