CVE-2022-44488 - Vulnerability Details - OpenCVE

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Adobe	Experience Manager Experience Manager Cloud Service

Configuration 1 [-]

OR	cpe:2.3:a:adobe:experience_manager::::::::
	cpe:2.3:a:adobe:experience_manager_cloud_service::::::::

No data.

References

Link	Providers
https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html

History

Wed, 23 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2022-12-21T01:21:43.830Z

Updated: 2025-04-23T16:24:20.812Z

Reserved: 2022-10-31T00:00:00.000Z

Link: CVE-2022-44488

Vulnrichment

Updated: 2024-08-03T13:54:03.897Z

NVD

Status : Modified

Published: 2022-12-19T20:15:13.547

Modified: 2024-11-21T07:28:04.620

Link: CVE-2022-44488

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-44488", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "dateUpdated": "2025-04-23T16:24:20.812Z", "dateReserved": "2022-10-31T00:00:00.000Z", "datePublished": "2022-12-21T01:21:43.830Z"}, "containers": {"cna": {"title": "AEM URL Redirection to Untrusted Site Security feature bypass", "datePublic": "2022-12-13T00:00:00.000Z", "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2022-12-19T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction."}], "affected": [{"vendor": "Adobe", "product": "Experience Manager", "versions": [{"version": "unspecified", "lessThanOrEqual": "6.5.14.0", "status": "affected", "versionType": "custom"}, {"version": "unspecified", "lessThanOrEqual": "None", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)", "cweId": "CWE-601"}]}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:54:03.897Z"}, "title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:01:08.841182Z", "id": "CVE-2022-44488", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:24:20.812Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:54:03.897Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-44488", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:01:08.841182Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:01:10.855Z"}}], "cna": {"title": "AEM URL Redirection to Untrusted Site Security feature bypass", "source": {"discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Adobe", "product": "Experience Manager", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "6.5.14.0"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "None"}]}], "datePublic": "2022-12-13T00:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html"}], "descriptions": [{"lang": "en", "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2022-12-19T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-44488", "state": "PUBLISHED", "dateUpdated": "2025-04-23T16:24:20.812Z", "dateReserved": "2022-10-31T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2022-12-21T01:21:43.830Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7918174C-4288-416D-9DA4-E0CB200E2112", "versionEndExcluding": "6.5.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "48171ADC-0898-4427-BECA-3E5D0EAAD8AA", "versionEndExcluding": "2022.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction."}, {"lang": "es", "value": "Adobe Experience Manager versi\u00f3n 6.5.14 (y anteriores) se ve afectado por una vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza (\"Open Redirect\"). Un atacante autenticado con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para redirigir a los usuarios a sitios web maliciosos. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."}], "id": "CVE-2022-44488", "lastModified": "2024-11-21T07:28:04.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "psirt@adobe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-19T20:15:13.547", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "psirt@adobe.com", "type": "Secondary"}]}