Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveAdobeCVE-2020-24444
HistoryDec 10, 2020 - 6:15 a.m.

CVE-2020-24444

2020-12-1006:15:13
CWE-918
adobe
web.nvd.nist.gov
55
cve-2020-24444
aem forms
sp6
ssrf
vulnerability
unauthenticated attacker
internal systems
network

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.

Affected configurations

Nvd
Vulners
Node
adobeexperience_manager_forms_add-onMatch6.4.8.2
OR
adobeexperience_manager_forms_add-onMatch6.5.6.0
VendorProductVersionCPE
adobeexperience_manager_forms_add-on6.4.8.2cpe:2.3:a:adobe:experience_manager_forms_add-on:6.4.8.2:*:*:*:*:*:*:*
adobeexperience_manager_forms_add-on6.5.6.0cpe:2.3:a:adobe:experience_manager_forms_add-on:6.5.6.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Experience Manager",
    "vendor": "Adobe",
    "versions": [
      {
        "status": "affected",
        "version": "<= Forms SP6 add-on for AEM 6.5.6.0"
      },
      {
        "status": "affected",
        "version": "<= Forms SP8 add-on for AEM 6.4.8.2"
      },
      {
        "status": "affected",
        "version": "<= None"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
nessus 1
adobe 1
threatpost 1
prion
prion
Server side request forgery (ssrf)
2020-12-10 06:15:00
cvelist
cvelist
CVE-2020-24444 Blind SSRF in Forms add-on for AEM
2020-12-10 05:32:53
nvd
nvd
CVE-2020-24444
2020-12-10 06:15:13
nessus
nessus
Adobe Experience Manager 6.2 <= 6.2 SP1-CFP20 / 6.3 <= 6.3.3.8 / 6.4 < 6.4.8.3 / 6.5 < 6.5.7.0 Multiple Vulnerabilities (APSB20-01)
2020-12-10 00:00:00
adobe
adobe
APSB20-72 Security update available for Adobe Experience Manager
2020-12-08 00:00:00
threatpost
threatpost
Adobe Warns Windows, macOS Users of Critical-Severity Flaws
2020-12-08 16:36:45

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON
Related for CVE-2020-24444
prion1cvelist1nvd1nessus1adobe1threatpost1