← back
CVE-2021-40722

AEM Forms Improper Restriction of XML External Entity Reference

CVSS 9.8 CRITICALEPSS 3.3%CWE-611
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Adobe · Experience Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html