CVE-2021-40713

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.9.0 and earlier

Description The issue is related to errors in the certificate authentication procedure, which can allow a remote attacker to bypass existing security restrictions. Specifically, it involves an improper certificate validation vulnerability in the cold storage component. If an attacker achieves a man-in-the-middle position when the cold server establishes a new certificate, they can harvest sensitive information.

Recommendations For Adobe Experience Manager versions 6.5.9.0 and earlier, consider disabling the cold storage component until a patch is available to prevent exploitation of the improper certificate validation vulnerability. Restrict access to sensitive information to minimize the risk of data harvesting. As a temporary workaround, avoid using the cold storage component for sensitive data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.