PT-2017-15661 · Adobe · Experience Manager

Published

2017-12-09

Updated

2017-12-14

CVE-2017-3111

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.0 through 6.3

Description An issue was discovered where sensitive tokens are included in http GET requests under certain circumstances.

Recommendations For Adobe Experience Manager versions 6.0 through 6.3, consider restricting access to sensitive tokens to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-3111

Affected Products

Experience Manager

PT-2017-15661 · Adobe · Experience Manager

CVE-2017-3111

Weakness Enumeration

Related Identifiers

Affected Products

References · 5