Lucene search

AdobeCVELIST:CVE-2022-42343

HistoryDec 13, 2022 - 12:00 a.m.

CVE-2022-42343 Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

2022-12-1300:00:00

CWE-918

adobe

www.cve.org

adobe campaign

ssrf

vulnerability

arbitrary file system read

7.3.1

8.3.9

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "Adobe Campaign Classic (ACC)",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "7.3.1",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "8.3.9",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/campaign/apsb22-58.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for CVELIST:CVE-2022-42343