First published: Wed Mar 22 2023(Updated: )
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Experience Manager | <6.5.16.0 | |
Adobe Experience Manager Cloud Service | <2023.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-22256 is a vulnerability in Adobe Experience Manager versions 6.5.15.0 and earlier that allows a low-privileged attacker to redirect users to malicious websites through a URL redirection to an untrusted site.
The severity of CVE-2023-22256 is medium, with a severity value of 5.4.
CVE-2023-22256 affects Adobe Experience Manager versions 6.5.15.0 and earlier by enabling a low-privileged authenticated attacker to redirect users to malicious websites.
To fix CVE-2023-22256, upgrade to Adobe Experience Manager version 6.5.16.0 or later.
More information about CVE-2023-22256 can be found on the Adobe Security Bulletin APSB23-18.