HIGH🇵🇱 Wersja polska

CVE-2020-9733

CVSS 7.5v3.1pub. 2020-09-10upd. 2024-11-21

An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Adobe Experience Manager

    APP
    Adobe
    ≤ 6.2.1.206.3.0.0 – 6.3.3.86.4.0.0 – 6.4.8.16.5.0.0 – 6.5.5.0
  • Adobe Experience Manager Forms

    APP
    Adobe
    6.4.8.16.5.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-54253CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE przez błędną konfigurację w Adobe Experience Manager Forms

CVE-2026-34691CRITICAL9.3PL ✓ten sam produkt

Stored XSS w Adobe Experience Manager Forms JEE – krytyczna podatność

CVE-2025-64538CRITICAL9.3PL ✓ten sam produkt

DOM-based XSS w Adobe Experience Manager — możliwe RCE i przejęcie sesji

CVE-2025-64537CRITICAL9.3PL ✓ten sam produkt

DOM-based XSS w Adobe Experience Manager umożliwiający RCE

CVE-2025-64539CRITICAL9.3PL ✓ten sam produkt

DOM-based XSS w Adobe Experience Manager umożliwiający RCE