Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information, potentially bypassing security measures. Exploitation of this issue does not require user interaction.
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-03-18
Updated
2024-03-18
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
Max CVSS
7.5
EPSS Score
0.28%
Published
2020-09-10
Updated
2021-09-14
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.
Max CVSS
7.5
EPSS Score
0.31%
Published
2017-12-09
Updated
2017-12-14
Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.
Max CVSS
7.5
EPSS Score
0.28%
Published
2017-08-11
Updated
2017-08-16
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
Max CVSS
7.5
EPSS Score
0.28%
Published
2017-08-11
Updated
2017-08-16
The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.21%
Published
2016-08-09
Updated
2017-08-16
Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.17%
Published
2016-08-09
Updated
2017-08-16
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
Max CVSS
7.8
EPSS Score
0.39%
Published
2016-02-10
Updated
2016-02-18

CVE-2016-0956

Public exploit
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
7.8
EPSS Score
2.87%
Published
2016-02-10
Updated
2018-10-09
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!