{"containers": {"cna": {"affected": [{"product": "Experience Manager", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "6.5.9.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-09-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "Improper Certificate Validation (CWE-295)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-27T15:43:07.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-40713", "STATE": "PUBLIC", "TITLE": "Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Experience Manager", "version": {"version_data": [{"version_affected": "<=", "version_value": "6.5.9.0"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information."}]}, "impact": {"cvss": {"attackComplexity": "High", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Certificate Validation (CWE-295)"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:51:06.645Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:11:06.277543Z", "id": "CVE-2021-40713", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T19:27:22.676Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-40713", "datePublished": "2021-09-27T15:43:07.324Z", "dateReserved": "2021-09-08T00:00:00.000Z", "dateUpdated": "2025-04-23T19:27:22.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:51:06.645Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-40713", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:11:06.277543Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:11:07.907Z"}}], "cna": {"title": "Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack", "source": {"discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Adobe", "product": "Experience Manager", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "6.5.9.0"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "None"}]}], "datePublic": "2021-09-14T00:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "Improper Certificate Validation (CWE-295)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2021-09-27T15:43:07.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Unchanged", "version": "3.1", "baseScore": 5.9, "attackVector": "Network", "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "None", "userInteraction": "None", "attackComplexity": "High", "availabilityImpact": "None", "privilegesRequired": "None", "confidentialityImpact": "High"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "6.5.9.0", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}]}, "product_name": "Experience Manager"}]}, "vendor_name": "Adobe"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html", "name": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Certificate Validation (CWE-295)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-40713", "STATE": "PUBLIC", "TITLE": "Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack", "ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-09-14T23:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2021-40713", "state": "PUBLISHED", "dateUpdated": "2025-04-23T19:27:22.676Z", "dateReserved": "2021-09-08T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2021-09-27T15:43:07.324Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEBB2103-C198-45E2-8843-E368AC49CC2D", "versionEndIncluding": "6.5.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information."}, {"lang": "es", "value": "Adobe Experience Manager versiones 6.5.9.0 (y anteriores), est\u00e1 afectada por una vulnerabilidad de comprobaci\u00f3n de certificados inapropiada en el componente cold storage. Si un atacante puede lograr un ataque de tipo man in the middle cuando el servidor fr\u00edo establece un nuevo certificado, podr\u00eda ser capaz de cosechar informaci\u00f3n confidencial"}], "id": "CVE-2021-40713", "lastModified": "2024-11-21T06:24:37.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Secondary"}]}, "published": "2021-09-27T16:15:10.727", "references": [{"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}

{}