PT-2021-6940 · Adobe · Experience Manager

Published

2021-06-08

Updated

2022-04-25

CVE-2021-28626

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.8.0 and below Adobe Experience Manager Cloud Service offering

Description The issue is related to an Improper Authorization vulnerability, allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.

Recommendations For Adobe Experience Manager versions 6.5.8.0 and below, update to a version above 6.5.8.0 to resolve the issue. For Adobe Experience Manager Cloud Service offering, contact Adobe support for guidance on resolving the issue.

Fix

DoS

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

BDU:2022-02710

CVE-2021-28626

Affected Products

Experience Manager

PT-2021-6940 · Adobe · Experience Manager

CVE-2021-28626

Weakness Enumeration

Related Identifiers

Affected Products

References · 6