CVE-2023-22257: AEM URL Redirection to Untrusted Site Security feature bypass
First published: Wed Mar 22 2023(Updated: )
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Experience Manager | <6.5.16.0 | |
| Adobe Experience Manager | <2023.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-22257.
What is the severity of CVE-2023-22257?
The severity of CVE-2023-22257 is medium, with a CVSS score of 5.4.
Which versions of Adobe Experience Manager are affected by CVE-2023-22257?
Adobe Experience Manager versions 6.5.15.0 and earlier are affected by CVE-2023-22257.
What is the impact of CVE-2023-22257?
CVE-2023-22257 allows a low-privileged authenticated attacker to redirect users to malicious websites.
How can CVE-2023-22257 be mitigated?
To mitigate CVE-2023-22257, it is recommended to update to Adobe Experience Manager version 6.5.16.0 or later.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe experience manager