PT-2021-6647 · Adobe · Experience Manager

Published: 2021-06-08 · Updated: 2025-09-19 · CVE-2021-28627

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Adobe Experience Manager versions 6.5.8.0 and below
Adobe Experience Manager Cloud Service offering

Description

The issue is related to insufficient validation of incoming requests, allowing an authenticated attacker to leverage a Server-side Request Forgery to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction.

Recommendations

For Adobe Experience Manager versions 6.5.8.0 and below, update to a version above 6.5.8.0 to resolve the issue. For Adobe Experience Manager Cloud Service offering, contact the vendor for specific guidance on resolving the issue. As a temporary workaround, consider restricting access to the dispatcher to minimize the risk of exploitation.

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2022-01963
CVE-2021-28627

Affected Products

Experience Manager