Information Disclosure Vulnerability in Adobe Experience Manager Forms Products
CVE-2017-3067

7.5HIGH

Key Information:

Vendor
Adobe
Status
Adobe Experience Manager Forms 6.2, 6.1, 6.0
Vendor
CVE Published:
9 May 2017

Summary

An information disclosure vulnerability exists in Adobe Experience Manager Forms versions 6.2, 6.1, and 6.0 due to improper handling of the pre-population service. This flaw could enable unauthorized users to access sensitive data, potentially leading to data breaches. Users of affected versions are encouraged to review their configurations and apply recommended security updates to mitigate potential risks.

Affected Version(s)

Adobe Experience Manager Forms 6.2, 6.1, 6.0 Adobe Experience Manager Forms 6.2, 6.1, 6.0

References

https://helpx.adobe.com/security/products/aem-forms/apsb1...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98348
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038428
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.