CVE-2021-28627 MEDIUM

CVE-2021-28627: Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass

Vendor Adobe
Product Experience Manager
Weakness CWE-918 · SSRF
Published August 24, 2021
Last update April 23, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction.

Key dates

02Disclosure timeline

August 24, 2021 CVE published
April 23, 2025 Record updated

Related vulnerabilities

04Related CVE