Impact
Adobe Campaign Classic (ACC) is vulnerable to an incorrect authorization flaw (CWE-863) that allows an attacker to gain privileges and execute arbitrary code within the current user context. Because the flaw changes the scope of the affected system, a single exploit can impact the entire application instance. The description states that exploitation does not require user interaction, implying that an attacker who can reach the attack vector can execute code freely.
Affected Systems
Adobe Campaign Classic releases up to and including version 7.4.3 build 9396 are affected. Systems running these versions are at risk until a newer, patched release or an applicable vendor update is applied.
Risk and Exploitability
With a CVSS score of 10, the vulnerability is considered critical. The EPSS score is not available, but the lack of user interaction requirements suggests a high likelihood of remote exploitation. The vulnerability is not currently listed in CISA’s KEV catalog. The attack vector is inferred to be remote over the network, assuming the application is exposed. A successful exploit could grant full code execution on the affected instance, potentially compromising data confidentiality, integrity, and availability. The changed scope amplifies the overall impact of the vulnerability.
OpenCVE Enrichment