CVE-2024-41849

2024-08-2317:15:08

CWE-20

[email protected]

web.nvd.nist.gov

adobe experience manager

6.5.20

improper input validation

security feature bypass

low-privileged attacker

integrity page

user interaction

scope changed

CVSS3

4.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

18.3%

JSON

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.

Affected configurations

Nvd

Node

adobeexperience_managerRange<6.5.21

adobeexperience_managerRange<2024.5aem_cloud_service

VendorProductVersionCPE
adobeexperience_manager*cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
adobeexperience_manager*cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*

Vendor	Product	Version	CPE
adobe	experience_manager	*	cpe:2.3:a:adobe:experience_manager::::::::
adobe	experience_manager	*	cpe:2.3:a:adobe:experience_manager:::::aem_cloud_service:::*