CVE-2024-45119

CVE-2024-45119 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, exposing a server-side request forgery (SSRF) that can lead to arbitrary file system reads. An admin-privileged, authenticated attacker can induce the application to make arbitrary HTTP r...

CVE-2023-22261

Experience Manager versions 6.5.15.0 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interactio...

CVE-2023-22257 AEM URL Redirection to Untrusted Site Security feature bypass

Experience Manager versions 6.5.15.0 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interactio...

CVE-2022-42343

Adobe Campaign version 7.3.1 and earlier and 8.3.9 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URL...