// For flags

CVE-2023-48441

Servlet - /bin/wcm/contentfinder/asset/view?itemResourceType allows users to execute internal AEM code

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction.

Adobe Experience Manager en la versión 6.5.18 y anteriores se ven afectadas por una vulnerabilidad de control de acceso inadecuado. Un atacante podría aprovechar esta vulnerabilidad para lograr un impacto de baja confidencialidad dentro de la aplicación. La explotación de este problema no requiere la interacción del usuario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-11-16 CVE Reserved
  • 2023-12-15 CVE Published
  • 2024-01-16 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
 Experience Manager
Search vendor "Adobe" for product "Experience Manager"
 <= 6.5.18.0
Search vendor "Adobe" for product "Experience Manager" and version " <= 6.5.18.0"
-
Affected
Adobe
Search vendor "Adobe"
 Experience Manager
Search vendor "Adobe" for product "Experience Manager"
-cloud_service
Affected