Adobe Experience Manager Vulnerable to Arbitrary Code Execution
CVE-2024-52831

7.8HIGH

Key Information:

Vendor: Adobe
Status: Experience Manager
Vendor: CVE Published:; 10 December 2024

Summary

Adobe Experience Manager versions 6.5.21 and earlier are vulnerable due to improper input validation, which may enable attackers to execute arbitrary code within the context of the current user. This exploitation necessitates user interaction, as victims must open a malicious file to trigger the vulnerability. Organizations using affected versions are urged to implement updates and practice caution in user-file interactions to mitigate potential risks.

References

https://helpx.adobe.com/security/products/experience-mana...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD Database