5
CVSSv2

CVE-2020-9643

Published: 12/06/2020 Updated: 15/06/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Adobe Experience Manager versions 6.5 and previous versions have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe experience manager

Vendor Advisories

Adobe has released updates for Adobe Experience Manager (AEM) These updates resolve vulnerabilities in AEM versions 65 and below rated Important  Successful exploitation could result in sensitive information disclosure ...

Recent Articles

Adobe Warns of Critical Flaws in Flash Player, Framemaker
Threatpost • Lindsey O'Donnell • 09 Jun 2020

Adobe released patches for four critical flaws in Flash Player and in its Framemaker document processor as part of its regularly scheduled updates. The bugs, if exploited, could enable arbitrary code-execution.
In Tuesday’s June Adobe security updates, critical flaws tied to three CVEs were patched in Adobe Framemaker, which is Adobe’s application designed for writing and editing large or complex documents.
The flaws include two critical out-of-bounds write flaws (CVE-2020-9634, ...

June's Patch Tuesday reveals 23 ways to remotely pwn Windows – and over 100 more bugs that could ruin your day
The Register • Shaun Nichols in San Francisco • 09 Jun 2020

Microsoft, Intel, Adobe, SAP emit fixes in security synchronicity

Patch Tuesday Microsoft has given IT admins and folks another busy Patch Tuesday with 129 security vulnerabilities to address.
The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. The massive bundle is not entirely unexpected, as security experts have suggested that vendors are still catching up on their patching and reporting routines.
Of the 129 patches this month, 11 were rated by Microsoft...

The Register

Microsoft has given admins another busy Patch Tuesday with 129 security vulnerabilities to address.
The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. The massive bundle is not entirely unexpected, as security experts have suggested that vendors are still catching up on their patching and reporting routines.
Of the 129 patches this month, 11 were rated by Microsoft as 'critical' security ris...