CVE-2021-28626

Published: Aug 24, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.

Affected (1)

Products: Adobe: Experience Manager

1 product

Experience Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Experience Manager	Up to 6.5.8.0

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://helpx.adobe.com/security/products/experience-manager/apsb21-39.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/experience-manager/apsb21-39.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.