CVE-2022-44488: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager version 6.5.14 and earlier versions are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability, identified as CVE-2022-44488. The vulnerability was disclosed on December 19, 2022. This security issue affects Adobe Experience Manager installations up to version 6.5.14 and Adobe Experience Manager Cloud Service versions up to 2022.10.0 (NVD Database).

The vulnerability is classified as a URL Redirection to Untrusted Site (CWE-601) issue. According to the CVSS 3.1 scoring system, it has received a base score of 5.4 (MEDIUM) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Adobe Systems provided a lower severity assessment with a base score of 3.5 (LOW) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N (NVD Database).

If exploited, this vulnerability could allow a low-privilege authenticated attacker to redirect users to malicious websites. The impact is considered moderate as it requires both user interaction and attacker authentication to successfully exploit (NVD Database).

Adobe has addressed this vulnerability in Experience Manager version 6.5.15.0 and Experience Manager Cloud Service version 2022.10.0. Users are advised to update to these or later versions to mitigate the risk (NVD Database).