Vulnerability Details : CVE-2018-12807
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification.
Vulnerability category: Input validation
Products affected by CVE-2018-12807
- cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:experience_manager:6.3.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12807
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-12807
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2018-12807
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-12807
-
http://www.securitytracker.com/id/1041470
Adobe Experience Manager Multiple Flaws Let Remote Users Modify Data and Conduct Cross-Site Scripting Attacks - SecurityTrackerThird Party Advisory;VDB Entry
-
https://helpx.adobe.com/security/products/experience-manager/apsb18-26.html
Adobe Security BulletinVendor Advisory
-
http://www.securityfocus.com/bid/105068
Adobe Experience Manager CVE-2018-12807 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to