CVE-2023-29307: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.16.0 and earlier were identified with a URL Redirection to Untrusted Site ('Open Redirect') vulnerability, tracked as CVE-2023-29307. The vulnerability was disclosed on June 15, 2023, and affects Adobe Experience Manager installations up to version 6.5.16.0 (NVD).

The vulnerability is classified as a URL Redirection to Untrusted Site (CWE-601) issue. It received a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction for successful exploitation (NVD).

If exploited, this vulnerability allows a low-privilege authenticated attacker to redirect users to malicious websites. The impact is considered medium severity due to the potential for phishing attacks and other malicious redirections that could compromise user security (NVD).

Adobe has addressed this vulnerability in versions after 6.5.16.0. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).

The vulnerability was discovered and reported by security researcher Osama Yousef (osamayousef) through Adobe's private bug bounty program (Adobe Advisory).