First published: Wed Jan 13 2021
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Campaign | <=10 | |
Adobe Campaign | <=19.1.7 | |
Adobe Campaign | >=19.2 <=19.2.3 | |
Adobe Campaign | >=20.1 <=20.1.3 | |
Adobe Campaign | >=20.2 <=20.2.3 | |
Adobe Campaign | >=20.3 <=20.3.1 | |
Linux Kernel | | |
Microsoft Windows Operating System | | |
CVE-2021-21009 has been classified with a severity rating that necessitates immediate attention due to the potential for exploitation.
To fix CVE-2021-21009, users should upgrade to the latest version of Adobe Campaign Classic as advised in the relevant security updates.
CVE-2021-21009 affects Adobe Campaign Classic versions 10 and earlier, 20.3.1 and earlier, 20.2.3 and earlier, 20.1.3 and earlier, 19.2.3 and earlier, and 19.1.7 and earlier.
CVE-2021-21009 is classified as a server-side request forgery (SSRF) vulnerability.
Exploitation of CVE-2021-21009 could allow an attacker to perform unauthorized actions on behalf of the server, potentially leading to sensitive data exposure.