Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-51459
CVE-2023-51459:
Adobe Experience Manager vulnerability analysis and mitigation
Overview
A reflected Cross-Site Scripting (XSS) vulnerability was identified in Adobe Experience Manager versions 6.5.18 and earlier, disclosed on December 20, 2023. This vulnerability affects both the standard installation and AEM Cloud Service versions prior to 2023.11.0 (NVD).
Technical details
The vulnerability is classified with a CVSS v3.1 Base Score of 5.4 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates network accessibility, low attack complexity, requires low privileges and user interaction, with changed scope and low impacts on confidentiality and integrity, but no impact on availability (NVD).
Impact
If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser when they visit a specially crafted URL referencing a vulnerable page (NVD).
Mitigation and workarounds
Adobe has addressed this vulnerability in versions after 6.5.18.0 for standard installations and in version 2023.11.0 and later for AEM Cloud Service (NVD).
Additional resources
Source: This report was generated using AI
Related Adobe Experience Manager vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management