CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43762 – Adobe Experience Manager Unicode normalization leads to dispatcher bypass
https://notcve.org/view.php?id=CVE-2021-43762
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability. AEM's Cloud Service offering, así como la versión 6.5.10.0 (y anteriores) están afectadas por una vulnerabilidad de omisión del despachador que podría ser abusada para evadir los controles de seguridad. Las áreas confidenciales de la aplicación web pueden quedar expuestas mediante la explotación de la vulnerabilidad • https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40712 – Adobe Experience Manager Path parameter Improper Input Validation Could Lead To DOS
https://notcve.org/view.php?id=CVE-2021-40712
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service. Adobe Experience Manager versiones 6.5.9.0 (y anteriores) está afectada por una vulnerabilidad de comprobación de entrada inapropiada por medio del parámetro path. Un atacante autenticado puede enviar una petición POST malformada para conseguir una denegación de servicio del lado del servidor • https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40714 – Adobe Experience Manager Reflected Cross Site Scripting via accesskey parameter
https://notcve.org/view.php?id=CVE-2021-40714
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser Adobe Experience Manager versiones 6.5.9.0 (y anteriores), está afectada por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado por medio del parámetro accesskey. Si un atacante es capaz de convencer a una víctima de visitar una URL que haga referencia a una página vulnerable, puede ser ejecutado contenido JavaScript malicioso en el contexto del navegador de la víctima • https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40713 – Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack
https://notcve.org/view.php?id=CVE-2021-40713
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information. Adobe Experience Manager versiones 6.5.9.0 (y anteriores), está afectada por una vulnerabilidad de comprobación de certificados inapropiada en el componente cold storage. Si un atacante puede lograr un ataque de tipo man in the middle cuando el servidor frío establece un nuevo certificado, podría ser capaz de cosechar información confidencial • https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html • CWE-295: Improper Certificate Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40711 – Adobe Experience Manager Stored Cross-Site Scripting Could Lead to Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2021-40711
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Adobe Experience Manager versiones 6.5.9.0 (y anteriores) se ve afectada por una vulnerabilidad de XSS almacenada al crear fragmentos de contenido. Un atacante autenticado puede enviar una solicitud POST malformada para lograr la ejecución de código arbitrario. • https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •