Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read
CVE-2022-42343

6.5MEDIUM

Key Information:

Vendor: Adobe
Status: Adobe Campaign Classic (acc)
Vendor: CVE Published:; 16 December 2022

Summary

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Affected Version(s)

Adobe Campaign Classic (ACC) <= 7.3.1

Adobe Campaign Classic (ACC) <= 8.3.9

Adobe Campaign Classic (ACC) <= unspecified

References

https://helpx.adobe.com/security/products/campaign/apsb22...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2022
Vulnerability Reserved
Oct 3, 2022