Description
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/campaign/apsb19-28.html
Scores
CVSS v3
7.5
EPSS
0.0325
EPSS Percentile
86.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
adobe/campaign
< 18.10.5.8984
Published
Jul 18, 2019
Tracked Since
Feb 18, 2026