CVE-2019-16469

HIGH NUCLEI

Adobe Experience Manager <6.6 - Info Disclosure

Title source: llm

Description

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Nuclei Templates (1)

Adobe Experience Manager - Expression Language Injection

HIGHVERIFIEDby DomenicoVeneziano

Shodan:

http.component:"Adobe Experience Manager" || http.component:"adobe experience manager" || http.title:"aem sign in" || cpe:"cpe:2.3:a:adobe:experience_manager"

FOFA: title="aem sign in"

References (1)

[Patch, Vendor Advisory] https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html

Scores

CVSS v3 7.5

EPSS 0.7060

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-917

Status published

Products (1)

adobe/experience_manager 6.5.0 - 6.5.3.0

Published Jan 15, 2020

Tracked Since Feb 18, 2026