Vulnerabilities > Adobe > Experience Manager > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-26029 | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 9.8 |
| 2022-01-13 | CVE-2021-40722 | XXE vulnerability in Adobe products AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. | 9.8 |
| 2020-09-10 | CVE-2020-9732 | Cross-site Scripting vulnerability in Adobe Experience Manager The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. | 9.0 |
| 2019-10-25 | CVE-2019-8088 | Command Injection vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. | 9.8 |
| 2019-08-16 | CVE-2019-7964 | Unspecified vulnerability in Adobe Experience Manager 6.4/6.5 Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. | 9.8 |
| 2017-08-11 | CVE-2017-3108 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Experience Manager Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | 9.8 |