nvd-json-data-feeds/CVE-2021/CVE-2021-407xx/CVE-2021-40712.json

{
  "id": "CVE-2021-40712",
  "sourceIdentifier": "psirt@adobe.com",
  "published": "2021-09-27T16:15:10.640",
  "lastModified": "2021-10-01T13:18:36.573",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service."
    },
    {
      "lang": "es",
      "value": "Adobe Experience Manager versiones 6.5.9.0 (y anteriores) est\u00e1 afectada por una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada por medio del par\u00e1metro path. Un atacante autenticado puede enviar una petici\u00f3n POST malformada para conseguir una denegaci\u00f3n de servicio del lado del servidor"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@adobe.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@adobe.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "6.5.9.0",
              "matchCriteriaId": "FEBB2103-C198-45E2-8843-E368AC49CC2D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html",
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}