CVE-2023-22271

Summary

Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret.

Affected Software

VendorProductVersion RangeStatus
AdobeExperience Managerunspecified <= 6.5.15.0affected
AdobeExperience Managerunspecified <= Noneaffected

Weaknesses

  • CWE-261: Weak Cryptography for Passwords (CWE-261)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References