Violation of Secure Design Principles in Adobe Experience Manager 6.5.13.0 and earlier versions allows for Backend Encryption Bypass

Violation of Secure Design Principles in Adobe Experience Manager 6.5.13.0 and earlier versions allows for Backend Encryption Bypass

CVE-2022-30683 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.

Learn more about our Web Application Penetration Testing UK.