CVE-2021-43762

Published: Jan 13, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.

Affected (2)

Products: Adobe: Experience Manager, Experience Manager Cloud Service

2 products

Experience Manager

Experience Manager Cloud Service

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Adobe Experience Manager	Up to 6.5.10.0
Adobe Experience Manager Cloud Service	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html

Source: psirt@adobe.com

Release NotesVendor Advisory

https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.