CVE-2021-40712

MEDIUM

Adobe Experience Manager <6.5.9.0 - DoS

Title source: llm

Description

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html

Scores

CVSS v3 6.5

EPSS 0.0166

EPSS Percentile 73.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

adobe/experience_manager < 6.5.9.0

Published Sep 27, 2021

Tracked Since Feb 18, 2026