CVE-2022-42343 MEDIUM

CVE-2022-42343: Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

Vendor Adobe
Product Adobe Campaign Classic (ACC)
Weakness CWE-918 · SSRF
Published December 19, 2022
Last update April 23, 2025
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Key dates

02Disclosure timeline

December 19, 2022 CVE published
April 23, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-50266 Bazarr Blind Server-Side Request Forgery (SSRF) in the /test/<protocol>/ endpoint CVE-2025-9975 WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery CVE-2026-3788 Bytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side request forgery CVE-2026-8320 jishenghua jshERP updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode server-side request forgery CVE-2026-45609 mcp-security: Unvalidated URL Fetching (SSRF)