CVE-2021-40722
CRITICAL
AEM Forms Cloud Service <6.5.10.0 - XXE Injection
Title source: llm
Description
The AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below), is affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
References (1)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html
Scores
CVSS v3
9.8
EPSS
0.0327
EPSS Percentile
86.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (2)
adobe/experience_manager
< 6.5.10.0
adobe/experience_manager_cloud_service
Published
Jan 13, 2022
Tracked Since
Feb 18, 2026