CVE-2021-21009: Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure
First published: Wed Jan 13 2021(Updated: )
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Campaign Classic | <=10 | |
| Adobe Campaign Classic | <=19.1.7 | |
| Adobe Campaign Classic | >=19.2<=19.2.3 | |
| Adobe Campaign Classic | >=20.1<=20.1.3 | |
| Adobe Campaign Classic | >=20.2<=20.2.3 | |
| Adobe Campaign Classic | >=20.3<=20.3.1 | |
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/adobe
- canonical/adobe campaign classic
- version/adobe campaign classic/10
- version/adobe campaign classic/19.1.7
- version/adobe campaign classic/19.2
- version/adobe campaign classic/19.2.3
- version/adobe campaign classic/20.1
- version/adobe campaign classic/20.1.3
- version/adobe campaign classic/20.2
- version/adobe campaign classic/20.2.3
- version/adobe campaign classic/20.3
- version/adobe campaign classic/20.3.1
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows