Name of the Vulnerable Software and Affected Versions:

Adobe Experience Manager versions 6.5.23 and earlier

Description:

Adobe Experience Manager is susceptible to an Improper Restriction of XML External Entity Reference ('XXE') issue. Successful exploitation of this issue could allow an attacker to read arbitrary files from the file system without requiring user interaction.

Recommendations:

Update Adobe Experience Manager to a version later than 6.5.23.