PT-2018-11405 · Adobe · Experience Manager

Published: 2018-07-20 · Updated: 2023-10-31 · CVE-2018-12809

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.4 and earlier

Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure. The SSRF vulnerability can be exploited via the Opensocial proxy, through API endpoints such as "/libs/opensocial/proxy?container=default&url=http://target" and "/libs/shindig/proxy?container=default&url=http://target". Additionally, SSRF can occur via the ReportingServicesProxyServlet.

Recommendations: For Adobe Experience Manager versions 6.4 and earlier, consider disabling access to the Opensocial proxy and the ReportingServicesProxyServlet as a temporary workaround until a patch is available. Restrict access to the API endpoints "/libs/opensocial/proxy" and "/libs/shindig/proxy" to minimize the risk of exploitation. Avoid using the url parameter in the affected API endpoints until the issue is resolved.
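As an added example (not part of this advisory), the following defender-side check scans Common Log Format access-log lines for requests to the two proxy endpoints named above and classifies where the supplied url parameter points, so that requests proxying to loopback, private or link-local addresses can be triaged first. The log lines are constructed; the ReportingServicesProxyServlet is left out because the advisory does not give its path.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory; any request to them carrying a "url"
# parameter is worth reviewing.
PROXY_PATHS = ("/libs/opensocial/proxy", "/libs/shindig/proxy")

# Common Log Format: client - - [timestamp] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3})'
)

def classify_target(url):
    """'internal' if the proxied URL literally names a loopback, private or
    link-local address (or 'localhost'), 'external' otherwise, 'unparseable'
    if no host is present. No DNS lookups are made, so the check runs offline;
    a hostname that resolves internally would still be reported as external."""
    host = urlsplit(url).hostname
    if not host:
        return "unparseable"
    if host == "localhost":
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # hostname, not a literal IP address
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal"
    return "external"

def scan_access_log(lines):
    """Return one finding per request to a proxy endpoint in PROXY_PATHS."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path not in PROXY_PATHS:
            continue
        proxied = parse_qs(parts.query).get("url", [""])[0]  # percent-decoded
        findings.append({"src": m.group("src"), "path": parts.path,
                         "url": proxied, "target_class": classify_target(proxied),
                         "status": int(m.group("status"))})
    return findings

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jul/2018:10:01:02 +0000] "GET /content/site/en.html HTTP/1.1" 200 5123',
    '203.0.113.7 - - [20/Jul/2018:10:01:09 +0000] "GET /libs/opensocial/proxy?container=default&url=http%3A%2F%2F127.0.0.1%3A4502%2F HTTP/1.1" 200 881',
    '198.51.100.4 - - [20/Jul/2018:10:02:30 +0000] "GET /libs/shindig/proxy?container=default&url=http%3A%2F%2F10.0.0.5%3A8080%2F HTTP/1.1" 200 412',
    '198.51.100.9 - - [20/Jul/2018:10:03:11 +0000] "GET /libs/shindig/proxy?container=default&url=http%3A%2F%2Fexample.org%2Ffeed.xml HTTP/1.1" 200 2044',
]
```

Run over a real access log, the internal findings are the ones to escalate; a non-empty result after the workaround is applied indicates the endpoint restriction is not in effect.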

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2018-12809

Affected Products: Experience Manager