Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could…
adobe·CWE-657·Published 2022-09-16
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a Violation of Secure Design Principles vulnerability that could lead to a bypass of the security feature of the encryption mechanism in the backend. An attacker could leverage this vulnerability to decrypt secrets; however, this is a high-complexity attack, as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.
| CVSS Version | Type | Source | Base Score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.0 | Primary | cve.org | 5.3 | — | — | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.0 | Secondary | NVD | 5.3 | 1.6 | 3.6 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Primary | NVD | 5.3 | 1.6 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |