CVE-2020-24444

Summary

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.

Affected Software

VendorProductVersion RangeStatus
AdobeExperience Manager<= Forms SP6 add-on for AEM 6.5.6.0affected
AdobeExperience Manager<= Forms SP8 add-on for AEM 6.4.8.2affected
AdobeExperience Manager<= Noneaffected

Weaknesses

  • CWE-918: Server-Side Request Forgery (SSRF) (CWE-918)

ADP Enrichment

CVE Program Container

Additional References

References