Headline
CVE-2022-42343: Adobe Security Bulletin
Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
Security updates available for Adobe Campaign Classic | APSB22-58
Summary
Adobe has released security updates for Adobe Campaign Classic. This update addresses an important vulnerability that could result in privilege escalation.
Affected versions
Product
Affected version
Platform
Adobe Campaign Classic
ACC v7: 7.3.1 and below
ACC v8: 8.3.9 and below
Windows, Linux
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
Product
Updated version
Platform
Priority rating
Availability
Adobe Campaign Classic
ACC v7: 7.3.2
ACC v8: 8.4.2
Windows and Linux
3
Release 7 Notes
Release 8 Notes
Vulnerability Details
Improper Input Validation (CWE-20)
Acknowledgments
Adobe would like to thank Felix Martel-Denis - Software Secured for reporting this issue and for working with Adobe to help protect our customers.