Vulnerabilities > CVE-2020-9643 - Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
adobe
CWE-918
nessus

Summary

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

Common Weakness Enumeration (CWE)

Nessus

NASL familyMisc.
NASL idADOBE_EXPERIENCE_MANAGER_APSB20-31.NASL
descriptionThe version of Adobe Experience Manager installed on the remote host is 6.1.x, 6.2.x, 6.3.x, 6.4.x prior to 6.4.8.1, or 6.5.x prior to 6.5.5.0. It is, therefore, affected by multiple vulnerabilities: - An unspecified server-side request forgery (SSRF) that could result in sensitive information disclosure (CVE-2020-9643) - An unspecified cross-site scripting vulnerability that could result in arbitrary javaScript execution (CVE-2020-9644, CVE-2020-9647, CVE-2020-9648, CVE-2020-9651) - An unspecified blind server-side request forgery that could result sensitive information disclosure (CVE-2020-9645) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen2020-06-13
modified2020-06-12
plugin id137367
published2020-06-12
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/137367
titleAdobe Experience Manager 6.1.x < 6.4.8.1 / 6.5.x < 6.5.5.0 (APSB20-32)