CVE-2022-42343

Name of the Vulnerable Software and Affected Versions Adobe Campaign versions 7.3.1 and earlier Adobe Campaign versions 8.3.9 and earlier

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. The vulnerability is associated with insufficient checking of incoming requests, which may allow a remote attacker to gain unauthorized access to protected information.

Recommendations For Adobe Campaign versions 7.3.1 and earlier, update to a version later than 7.3.1 to resolve the issue. For Adobe Campaign versions 8.3.9 and earlier, update to a version later than 8.3.9 to resolve the issue. As a temporary workaround, consider restricting access to the application to minimize the risk of exploitation.