CVE-2021-40722

Summary

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.

Affected Software

VendorProductVersion RangeStatus
AdobeExperience Managerunspecified <= 6.5.10.0affected
AdobeExperience Managerunspecified <= Noneaffected

Weaknesses

  • CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ADP Enrichment

CVE Program Container

Additional References

References