CRITICAL🇵🇱 Wersja polska

CVE-2021-40722

CVSS 9.8v3.1pub. 2022-01-13upd. 2024-11-21

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Adobe Experience Manager

    APP
    Adobe
    ≤ 6.5.10.0
  • Adobe Experience Manager Cloud Service

    APP
    Adobe
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XXE
CWE
References

Related vulnerabilities

CVE-2026-34691CRITICAL9.3PL ✓ten sam produkt

Stored XSS w Adobe Experience Manager Forms JEE – krytyczna podatność

CVE-2025-64538CRITICAL9.3PL ✓ten sam produkt

DOM-based XSS w Adobe Experience Manager — możliwe RCE i przejęcie sesji

CVE-2025-64537CRITICAL9.3PL ✓ten sam produkt

DOM-based XSS w Adobe Experience Manager umożliwiający RCE

CVE-2025-64539CRITICAL9.3PL ✓ten sam produkt

DOM-based XSS w Adobe Experience Manager umożliwiający RCE

CVE-2025-49533CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację niezaufanych danych w Adobe Experience Manager