CVE-2021-21083

Published: Jun 28, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: psirt@adobe.com (Secondary)

Description

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user.

Affected (4)

Products: Adobe: Experience Manager, Experience Manager Cloud Service

Adobe

2 products

Experience Manager

Experience Manager Cloud Service

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Adobe Experience Manager	Up to 6.3.3.8
Adobe Experience Manager	From 6.4.0.0 to 6.4.8.4
Adobe Experience Manager	From 6.5.0.0 to 6.5.8.0
Adobe Experience Manager Cloud Service	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.