← back
CVE-2021-21009

Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure

CVSS 8.6 HIGHEPSS 3.2%CWE-918
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 3.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Jan 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
Adobe · Campaign

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://helpx.adobe.com/security/products/campaign/apsb21-04.html