CVE-2020-9743

Published: 2020-09-10 17:15:41 (Sep 10, 2020 - 5:15 p.m.)
CWE: CWE-20, CWE-79
Source: web.nvd.nist.gov
Tags: adobe, cve-2020-9743, aem, html injection, vulnerability, content editor, unauthenticated users, http request, phishing

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.2
Confidence: High

EPSS: 0.001
Percentile: 43.0%

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims into performing unsafe actions in the page (e.g., phishing).

Affected configurations (NVD)

Entries are joined by OR.

Vendor  Product             Operator  Version
adobe   experience_manager  Range     6.3.0.0 to 6.3.3.8
adobe   experience_manager  Range     6.4.0.0 to 6.4.8.1
adobe   experience_manager  Range     6.5.0.0 to 6.5.5.0
adobe   experience_manager  Match     6.2.0.0 sp1
adobe   experience_manager  Match     6.2.0.0 sp1-cfp1
adobe   experience_manager  Match     6.2.0.0 sp1-cfp10
adobe   experience_manager  Match     6.2.0.0 sp1-cfp11
adobe   experience_manager  Match     6.2.0.0 sp1-cfp12.1
adobe   experience_manager  Match     6.2.0.0 sp1-cfp13
adobe   experience_manager  Match     6.2.0.0 sp1-cfp14
adobe   experience_manager  Match     6.2.0.0 sp1-cfp15
adobe   experience_manager  Match     6.2.0.0 sp1-cfp16
adobe   experience_manager  Match     6.2.0.0 sp1-cfp17
adobe   experience_manager  Match     6.2.0.0 sp1-cfp18
adobe   experience_manager  Match     6.2.0.0 sp1-cfp19
adobe   experience_manager  Match     6.2.0.0 sp1-cfp2
adobe   experience_manager  Match     6.2.0.0 sp1-cfp20
adobe   experience_manager  Match     6.2.0.0 sp1-cfp3
adobe   experience_manager  Match     6.2.0.0 sp1-cfp4
adobe   experience_manager  Match     6.2.0.0 sp1-cfp5
adobe   experience_manager  Match     6.2.0.0 sp1-cfp6
adobe   experience_manager  Match     6.2.0.0 sp1-cfp7
adobe   experience_manager  Match     6.2.0.0 sp1-cfp8
adobe   experience_manager  Match     6.2.0.0 sp1-cfp9
Vendor  Product             Version  CPE
adobe   experience_manager  *        cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp1:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp10:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp11:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp12.1:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp13:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp14:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp15:*:*:*:*:*:*
adobe   experience_manager  6.2.0.0  cpe:2.3:a:adobe:experience_manager:6.2.0.0:sp1-cfp16:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Experience Manager",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "6.5.5.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "6.4.8.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "6.3.3.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "6.2 SP1-CFP20",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
