XML External Entity (XXE) Injection Vulnerability in AEM Forms Cloud Service and Version 6.5.10.0 (and below) Leading to Remote Code Execution (RCE)

XML External Entity (XXE) Injection Vulnerability in AEM Forms Cloud Service and Version 6.5.10.0 (and below) Leading to Remote Code Execution (RCE)

CVE-2021-40722 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.

Learn more about our Cloud Audit.