SB2018071004 - Server-side request forgery in Adobe Experience Manager




Published: July 10, 2018

Security Bulletin ID: SB2018071004
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Server-side request forgery (CVE-ID: CVE-2018-5004)

The vulnerability allows a remote user to perform an SSRF attack.

The weakness exists due to an unspecified error. A remote attacker can perform an SSRF attack to bypass network access controls, make unauthorized connections to local resources and gain access to sensitive information.

2) Server-side request forgery (CVE-ID: CVE-2018-5006)

The vulnerability allows a remote user to perform an SSRF attack.

The weakness exists due to an unspecified error. A remote attacker can perform an SSRF attack to bypass network access controls, make unauthorized connections to local resources and gain access to sensitive information.

3) Server-side request forgery (CVE-ID: CVE-2018-12809)

The vulnerability allows a remote user to perform an SSRF attack.

The weakness exists due to an unspecified error. A remote attacker can perform an SSRF attack to bypass network access controls, make unauthorized connections to local resources and gain access to sensitive information.

Remediation

Install the update from the vendor's website.