Main Vulnerability Database Vulnerabilities #VU13628

#VU13628 Server-side request forgery in Adobe Experience Manager - CVE-2018-5006

Published: July 10, 2018

Vulnerability identifier: #VU13628

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5006

CWE-ID: CWE-918

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Adobe Experience Manager

Software vendor:
Adobe

Description

The vulnerability allows a remote user to perform SSRF attack.

The weakness exists due to unspecified error. A remote attacker can perform SSRF attack to bypass network access controls, perform unauthorized connections to local resources and gain access to sensitive information.

Remediation

Install update from vendor's website.

External links

https://helpx.adobe.com//security/products/experience-manager/apsb18-23.html