CVE-2022-30683

AEM Violation of Secure Design Principles Security feature bypass

CVSS 5.3 MEDIUM | EPSS 0.6% | CWE-657
In short

Adobe Experience Manager has a flaw in the security design of its encryption mechanism that could allow a user with low-privilege access to bypass the encryption protection and decrypt sensitive secrets. However, the attacker would already need to possess those secrets, which makes this a high-complexity attack.

Technical detail

A CWE-657 (Violation of Secure Design Principles) flaw in AEM 6.5.13.0 and earlier allows low-privileged users to bypass the security design of the encryption mechanism through a high-complexity attack. Exploitation requires pre-existing knowledge of the secrets to be decrypted together with low-privilege access to the AEM instance, and can lead to exposure of encrypted backend data.

Summary generated and translated by AI from the official description.
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a Violation of Secure Design Principles vulnerability that could lead to a bypass of the security feature of the encryption mechanism in the backend. An attacker could leverage this vulnerability to decrypt secrets; however, this is a high-complexity attack, as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
