CVE-2022-30683

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:experience_manager::::::::
	cpe:2.3:a:adobe:experience_manager:-::::cloud_service:::

History

21 Jul 2023, 17:06

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
References	~~(MISC) https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html -~~	(MISC) https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html - Vendor Advisory
CWE		NVD-CWE-Other
CPE		cpe:2.3:a:adobe:experience_manager:-::::cloud_service::: cpe:2.3:a:adobe:experience_manager::::::::

16 Sep 2022, 18:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-16 18:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-30683

Mitre link : CVE-2022-30683

CVE.ORG link : CVE-2022-30683

JSON object : View

Products Affected

adobe

experience_manager

CWE

NVD-CWE-Other CWE-657

Violation of Secure Design Principles

{"id": "CVE-2022-30683", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2022-09-16T18:15:12.943", "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-657"}]}], "descriptions": [{"lang": "en", "value": "Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM."}, {"lang": "es", "value": "Adobe Experience Manager versiones 6.5.13.0 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de Violaci\u00f3n de los Principios de Dise\u00f1o Seguro que podr\u00eda conllevar a una omisi\u00f3n de la funci\u00f3n de seguridad del mecanismo de cifrado en el backend . Un atacante podr\u00eda aprovechar esta vulnerabilidad para descifrar secretos, sin embargo, este es un ataque de alta complejidad ya que el actor de la amenaza necesita ya poseer esos secretos. La explotaci\u00f3n de este problema requiere un acceso de bajo privilegio a AEM"}], "lastModified": "2023-11-07T03:47:23.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE44AFD0-04BC-4754-8834-77C27AEA3CDE", "versionEndIncluding": "6.5.13.0"}, {"criteria": "cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*", "vulnerable": true, "matchCriteriaId": "B3E850FF-78BA-496F-9C3D-C119C64B34F9"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}