#VU269 Information disclosure in Backup functionality in Adobe Experience Manager


Published: 2016-08-09

Vulnerability identifier: #VU269

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4253

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adobe Experience Manager
Client/Desktop applications / Office applications

Vendor: Adobe

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to unknown error in Backup functionality. A remote attacker can get access to potentially sensitive data.

Successful exploitation of this vulnerability will allow an attacker to gain unauthorized access to potentially sensitive information.

Mitigation

The vendor has issued fixes to address this vulnerability:

Hotfix 10870 for 6.2
Hotfix 10870 for 6.1
Hotfix 10870 for 6.0
Hotfix 10870 for 5.6.1

Vulnerable software versions

Adobe Experience Manager: 5.6.1 - 6.2

External links
http://helpx.adobe.com/security/products/experience-manager/apsb16-27.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Adobe Experience Manager