Vulnerability Description
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Experience Manager | < 6.5.16.0 |
| Adobe | Experience Manager Cloud Service | < 2023.1.0 |
Related Weaknesses (CWE)
References
- https://helpx.adobe.com/security/products/experience-manager/apsb23-18.htmlVendor Advisory
- https://helpx.adobe.com/security/products/experience-manager/apsb23-18.htmlVendor Advisory
FAQ
What is CVE-2023-22271?
CVE-2023-22271 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit thi...
How severe is CVE-2023-22271?
CVE-2023-22271 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-22271?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Experience Manager, Adobe Experience Manager Cloud Service.