Main Vulnerability Database Vulnerabilities #VU271

Information disclosure in Adobe Experience Manager - CVE-2016-4169

Published: August 9, 2016

Vulnerability identifier: #VU271

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-4169

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
Adobe Experience Manager

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to unknown error, which can lead to exposure of audit log events to unprivileged users. A local attacker can get access to potentially sensitive data.

Successful exploitation of this vulnerability will allow a local user to gain unauthorized access to potentially sensitive information.

How to mitigate CVE-2016-4169

The vendor has issued fixes to address this vulnerability:

Hotfix 10956 for 6.2
Hotfix 10768 for 6.1
Hotfix 10767 for 6.0

Sources

https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html

Information disclosure in Adobe Experience Manager - CVE-2016-4169

Detailed vulnerability description

How to mitigate CVE-2016-4169

Sources

Please verify you're human