CVE-2021-40713

Summary

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information.

Affected Software

VendorProductVersion RangeStatus
AdobeExperience Managerunspecified <= 6.5.9.0affected
AdobeExperience Managerunspecified <= Noneaffected

Weaknesses

  • CWE-295: Improper Certificate Validation (CWE-295)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References