CVE-2020-9733
10.09.2020, 17:15
An AEM Java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
Vendor | Product | Version |
---|---|---|
adobe | experience_manager | 𝑥 ≤ 6.2.1.20 |
adobe | experience_manager | 6.3.0.0 ≤ 𝑥 ≤ 6.3.3.8 |
adobe | experience_manager | 6.4.0.0 ≤ 𝑥 ≤ 6.4.8.1 |
adobe | experience_manager | 6.5.0.0 ≤ 𝑥 ≤ 6.5.5.0 |
adobe | experience_manager_forms | 6.4.8.1 |
adobe | experience_manager_forms | 6.5.5.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.