Is CVE-2018-5006 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Adobe Experience Manager Aem 6.4 And Earlier

CVE-2018-5006

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

EPSS: 0.538 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a Adobe Experience Manager Aem 6.4 And Earlier — versions Adobe Experience Manager AEM 6.4 and earlier

Public proof-of-concept exploits

0ang3el/aem-hacker
Raz0r/aemscan
TheRipperJhon/AEMVS
amarnathadapa-sec/aem
andyacer/aemscan_
vulnerabilitylabs/aem-hacker

References

helpx.adobe.com/security/products/experience-manager/apsb18-23.html (x_refsource_CONFIRM)
104702 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2018-5006?: CVE-2018-5006 is a vulnerability in Adobe Experience Manager Aem 6.4 And Earlier. Published 2018-07-20.
Is CVE-2018-5006 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.