Unrated severityNVD Advisory· Published Jan 13, 2022· Updated Sep 16, 2024
AEM Forms Improper Restriction of XML External Entity Reference
CVE-2021-40722
Description
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
Affected products
3<=6.5.10.0+ 1 more
- (no CPE)range: <=6.5.10.0
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- helpx.adobe.com/security/products/experience-manager/apsb21-103.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.