cnvd - cnvd-2021-91633

cnvd-2021-91633

Vulnerability from cnvd

Title

Adobe Campaign路径遍历漏洞

Description

Adobe Campaign是一款适用于跨渠道活动管理的Adobe Experience Cloud解决方案。了解如何通过电子邮件、移动设备、线下活动等方式，使用丰富的客户数据创建、协调和投放动态营销活动。 Adobe Campaign 21.2.1及之前版本存在路径遍历漏洞。该漏洞与攻击者未经身份验证枚举服务器上的其他文件有关，攻击者利用该漏洞可以读取服务器上的任意文件。

Severity

中

Patch Name

Adobe Campaign路径遍历漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://helpx.adobe.com/security/products/campaign/apsb21-52.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-40745

Impacted products

Name
Adobe Adobe Campaign <=21.2.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-40745",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-40745"
    }
  },
  "description": "Adobe Campaign\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u8de8\u6e20\u9053\u6d3b\u52a8\u7ba1\u7406\u7684Adobe Experience Cloud\u89e3\u51b3\u65b9\u6848\u3002\u4e86\u89e3\u5982\u4f55\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u3001\u79fb\u52a8\u8bbe\u5907\u3001\u7ebf\u4e0b\u6d3b\u52a8\u7b49\u65b9\u5f0f\uff0c\u4f7f\u7528\u4e30\u5bcc\u7684\u5ba2\u6237\u6570\u636e\u521b\u5efa\u3001\u534f\u8c03\u548c\u6295\u653e\u52a8\u6001\u8425\u9500\u6d3b\u52a8\u3002\n\nAdobe Campaign 21.2.1\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4e0e\u653b\u51fb\u8005\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u679a\u4e3e\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u6587\u4ef6\u6709\u5173\uff0c\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u8bfb\u53d6\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://helpx.adobe.com/security/products/campaign/apsb21-52.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-91633",
  "openTime": "2021-11-26",
  "patchDescription": "Adobe Campaign\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u8de8\u6e20\u9053\u6d3b\u52a8\u7ba1\u7406\u7684Adobe Experience Cloud\u89e3\u51b3\u65b9\u6848\u3002\u4e86\u89e3\u5982\u4f55\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u3001\u79fb\u52a8\u8bbe\u5907\u3001\u7ebf\u4e0b\u6d3b\u52a8\u7b49\u65b9\u5f0f\uff0c\u4f7f\u7528\u4e30\u5bcc\u7684\u5ba2\u6237\u6570\u636e\u521b\u5efa\u3001\u534f\u8c03\u548c\u6295\u653e\u52a8\u6001\u8425\u9500\u6d3b\u52a8\u3002\r\n\r\nAdobe Campaign 21.2.1\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4e0e\u653b\u51fb\u8005\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u679a\u4e3e\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u6587\u4ef6\u6709\u5173\uff0c\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u8bfb\u53d6\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Campaign\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Adobe Campaign \u003c=21.2.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-40745",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-19",
  "title": "Adobe Campaign\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2021-40745 (GCVE-0-2021-40745)

Vulnerability from cvelistv5

Published

2021-11-17 15:44

Modified

2025-04-23 19:22

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ()

Summary

Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.

References

URL

Tags

https://helpx.adobe.com/security/products/campaign/apsb21-52.html

x_refsource_MISC