What is CVE-2019-8086?

CVE-2019-8086 is a vulnerability in Adobe Experience Manager. Published 2019-10-25.

Is CVE-2019-8086 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Adobe Experience Manager

CVE-2019-8086

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

EPSS: 0.548 (98.1th percentile) — read the EPSS interpretation.

Affected products

Adobe Experience Manager — versions 6.5, 6.4, 6.3

Public proof-of-concept exploits

0ang3el/aem-hacker
20142995/sectool
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
amarnathadapa-sec/aem

References

helpx.adobe.com/security/products/experience-manager/apsb19-48.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-8086?: CVE-2019-8086 is a vulnerability in Adobe Experience Manager. Published 2019-10-25.
Is CVE-2019-8086 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.