CVE-2021-28627: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager Cloud Service offering and versions 6.5.8.0 (and below) were affected by a Server-side Request Forgery (SSRF) vulnerability identified as CVE-2021-28627. The vulnerability was disclosed in June 2021 and affected the core functionality of Adobe Experience Manager (Adobe Advisory).

The vulnerability is classified as a Server-side Request Forgery (CWE-918) that could allow authenticated attackers to contact systems that are blocked by the dispatcher. The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Adobe's assessment rated it at 5.4 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (NVD).

The vulnerability could enable an authenticated attacker to bypass security controls and contact internal systems that would normally be blocked by the dispatcher. This could potentially lead to unauthorized access to internal resources and information disclosure (NVD).

Adobe addressed this vulnerability through security updates for the affected versions. Users of Adobe Experience Manager Cloud Service and version 6.5.8.0 or below should update to the latest version as recommended in Adobe's security advisory (Adobe Advisory).

Adobe acknowledged the security researcher SignorRossi for responsibly reporting this vulnerability and working with Adobe to help protect their customers (Adobe Advisory).