Adobe Campaign Path Traversal Leads to Information Exposure

Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

对路径名的限制不恰当(路径遍历)

Adobe Campaign Standard 路径遍历漏洞

Adob​​e Campaign Standard是美国Adob​​e公司的提供了一个设计跨渠道客户体验的平台，并为可视化活动编排、实时交互管理和跨渠道执行提供了环境。 Adobe Campaign Standard 21.2.1及更早版本存在路径遍历漏洞，攻击者可利用该漏洞通过利用公开的XML文件枚举服务器上的其他文件。

N/A

N/A