CVE-2020-9645 - Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Misc. |
NASL id | ADOBE_EXPERIENCE_MANAGER_APSB20-31.NASL |
description | The version of Adobe Experience Manager installed on the remote host is 6.1.x, 6.2.x, 6.3.x, 6.4.x prior to 6.4.8.1, or 6.5.x prior to 6.5.5.0. It is, therefore, affected by multiple vulnerabilities: - An unspecified server-side request forgery (SSRF) that could result in sensitive information disclosure (CVE-2020-9643) - An unspecified cross-site scripting vulnerability that could result in arbitrary JavaScript execution (CVE-2020-9644, CVE-2020-9647, CVE-2020-9648, CVE-2020-9651) - An unspecified blind server-side request forgery that could result in sensitive information disclosure (CVE-2020-9645) Note that Nessus has not tested for these issues but has instead relied only on the application |
last seen | 2020-06-13 |
modified | 2020-06-12 |
plugin id | 137367 |
published | 2020-06-12 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/137367 |
title | Adobe Experience Manager 6.1.x < 6.4.8.1 / 6.5.x < 6.5.5.0 (APSB20-32) |