CVE-2021-21009

CVE Database · CVE-2021-21009

CVE-2021-21009

· HIGHModified

CVSS v3.1

8.6

EPSS

3.20%

Published

Jan 13, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Weaknesses (CWE)

CWE-918

Affected Products (8)

adobe · campaign_classicvulnerable

linux · linux_kernel

microsoft · windows

References (2)

https://helpx.adobe.com/security/products/campaign/apsb21-04.html

Vendor Advisory

https://helpx.adobe.com/security/products/campaign/apsb21-04.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs