BID:104702

Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities

CVE-2018-12809 | CVE-2018-5004 | CVE-2018-5006 |

Info

Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities

Bugtraq ID:	104702
Class:	Input Validation Error
CVE:	CVE-2018-12809 CVE-2018-5006 CVE-2018-5004
Remote:	Yes
Local:	No
Published:	Jul 10 2018 12:00AM
Updated:	Jul 10 2018 12:00AM
Credit:	Mikhail Egorov @0ang3el
Vulnerable:	Adobe Experience Manager 6.1 Adobe Experience Manager 6.0 Adobe Experience Manager 6.4 Adobe Experience Manager 6.3 Adobe Experience Manager 6.2

Not Vulnerable:

Discussion

Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities

Adobe Experience Manager is prone to multiple security-bypass vulnerabilities.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may lead to sensitive information disclosure.

Adobe Experience Manager 6.x through 6.4 are vulnerable.

Exploit / POC

Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities

References:

Adobe Experience Manager Homepage (Adobe)
Security updates available for Adobe Experience Manager | APSB18-23 (Adobe)