← back
CVE-2021-28626

Adobe Experience Manager Improper Authorization at /content/usergenerated

CVSS 3.7 LOWEPSS 1.3%CWE-285
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.7EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
24 Aug 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
Adobe · Experience Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://helpx.adobe.com/security/products/experience-manager/apsb21-39.html