PT-2025-31949 · Adobe · Experience Manager

Adam Kues +1 · Published 2025-08-05 · Updated 2025-09-26 · CVE-2025-54253

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions**

Adobe Experience Manager versions 6.5.23 and earlier

**Description**

Adobe Experience Manager is affected by a misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code without user interaction. The scope is changed (S:C in the CVSS vector). Public Proof-of-Concept (PoC) exploits are available. Approximately 5,200 instances of Adobe Experience Manager are discoverable online.

**Recommendations**

Adobe Experience Manager versions prior to 6.5.24 are affected.

Update to a newer version to address this vulnerability.

As a temporary workaround, restrict internet access to vulnerable systems.

Exploit · Fix · RCE

**Related Identifiers**

BDU:2025-09420
CVE-2025-54253

**Affected Products**

Experience Manager