CVE-2021-21009: Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure
First published: Wed Jan 13 2021(Updated: )
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Campaign | <=10 | |
| Adobe Campaign | <=19.1.7 | |
| Adobe Campaign | >=19.2<=19.2.3 | |
| Adobe Campaign | >=20.1<=20.1.3 | |
| Adobe Campaign | >=20.2<=20.2.3 | |
| Adobe Campaign | >=20.3<=20.3.1 | |
| Linux Kernel | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-21009?
CVE-2021-21009 has been classified with a severity rating that necessitates immediate attention due to the potential for exploitation.
How do I fix CVE-2021-21009?
To fix CVE-2021-21009, users should upgrade to the latest version of Adobe Campaign Classic as advised in the relevant security updates.
Which versions are affected by CVE-2021-21009?
CVE-2021-21009 affects Adobe Campaign Classic versions 10 and earlier, 20.3.1 and earlier, 20.2.3 and earlier, 20.1.3 and earlier, 19.2.3 and earlier, and 19.1.7 and earlier.
What type of vulnerability is CVE-2021-21009?
CVE-2021-21009 is classified as a server-side request forgery (SSRF) vulnerability.
What could be the impact of exploiting CVE-2021-21009?
Exploitation of CVE-2021-21009 could allow an attacker to perform unauthorized actions on behalf of the server, potentially leading to sensitive data exposure.
- agent/type
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe campaign
- version/adobe campaign/10
- version/adobe campaign/19.1.7
- version/adobe campaign/19.2
- version/adobe campaign/19.2.3
- version/adobe campaign/20.1
- version/adobe campaign/20.1.3
- version/adobe campaign/20.2
- version/adobe campaign/20.2.3
- version/adobe campaign/20.3
- version/adobe campaign/20.3.1
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows operating system