Cross-Site Request Forgery Vulnerability in Adobe Experience Manager
CVE-2016-7885

8.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Experience Manager 6.2 And Earlier
Vendor
CVE Published:
15 December 2016

Summary

Adobe Experience Manager versions 6.2 and earlier are affected by a Cross-Site Request Forgery vulnerability, allowing attackers to conduct unauthorized actions on behalf of authenticated users without their consent. This flaw emphasizes the importance of implementing CSRF protections in web applications to prevent potential exploitation.

Affected Version(s)

Adobe Experience Manager 6.2 and earlier Adobe Experience Manager 6.2 and earlier

References

http://www.securitytracker.com/id/1037464
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94876
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/experience-mana...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.