CVE-2023-22266 AEM URL Redirection to Untrusted Site Security feature bypass

2023-03-2200:00:00

CWE-601

adobe

www.cve.org

cve-2023-22266

aem

url redirection

security feature bypass

open redirect

experience manager 6.5.15.0

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.5%

JSON

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "Experience Manager",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "6.5.15.0",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]