CVE-2021-40745 HIGH

CVE-2021-40745: Adobe Campaign Path Traversal Leads to Information Exposure

Vendor Adobe
Product Campaign
Weakness CWE-22 · Path traversal
Published November 17, 2021
Last update April 23, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.

Key dates

02Disclosure timeline

November 17, 2021 CVE published
April 23, 2025 Record updated

Related vulnerabilities

04Related CVE