CVE-2021-40745

Summary

Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.

Affected Software

VendorProductVersion RangeStatus
AdobeCampaignunspecified <= 21.2.1affected
AdobeCampaignunspecified <= Noneaffected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References