{"containers": {"cna": {"affected": [{"product": "Experience Manager", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "6.5.13.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-09-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-657", "description": "Violation of Secure Design Principles (CWE-657)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T17:45:20.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html"}], "source": {"discovery": "EXTERNAL"}, "title": "AEM Violation of Secure Design Principles Security feature bypass", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2022-09-13T23:00:00.000Z", "ID": "CVE-2022-30683", "STATE": "PUBLIC", "TITLE": "AEM Violation of Secure Design Principles Security feature bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Experience Manager", "version": {"version_data": [{"version_affected": "<=", "version_value": "6.5.13.0"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM."}]}, "impact": {"cvss": {"attackComplexity": "High", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Violation of Secure Design Principles (CWE-657)"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:56:13.516Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:04:10.308273Z", "id": "CVE-2022-30683", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T17:05:47.747Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-30683", "datePublished": "2022-09-16T17:45:20.824Z", "dateReserved": "2022-05-12T00:00:00.000Z", "dateUpdated": "2025-04-23T17:05:47.747Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:56:13.516Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-30683", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:04:10.308273Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:04:12.313Z"}}], "cna": {"title": "AEM Violation of Secure Design Principles Security feature bypass", "source": {"discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Adobe", "product": "Experience Manager", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "6.5.13.0"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "None"}]}], "datePublic": "2022-09-13T00:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-657", "description": "Violation of Secure Design Principles (CWE-657)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2022-09-16T17:45:20.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Unchanged", "version": "3.1", "baseScore": 5.3, "attackVector": "Network", "baseSeverity": "Medium", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "None", "userInteraction": "None", "attackComplexity": "High", "availabilityImpact": "None", "privilegesRequired": "Low", "confidentialityImpact": "High"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "6.5.13.0", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}]}, "product_name": "Experience Manager"}]}, "vendor_name": "Adobe"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html", "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Violation of Secure Design Principles (CWE-657)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-30683", "STATE": "PUBLIC", "TITLE": "AEM Violation of Secure Design Principles Security feature bypass", "ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2022-09-13T23:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2022-30683", "state": "PUBLISHED", "dateUpdated": "2025-04-23T17:05:47.747Z", "dateReserved": "2022-05-12T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2022-09-16T17:45:20.824Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE44AFD0-04BC-4754-8834-77C27AEA3CDE", "versionEndIncluding": "6.5.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*", "matchCriteriaId": "B3E850FF-78BA-496F-9C3D-C119C64B34F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM."}, {"lang": "es", "value": "Adobe Experience Manager versiones 6.5.13.0 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de Violaci\u00f3n de los Principios de Dise\u00f1o Seguro que podr\u00eda conllevar a una omisi\u00f3n de la funci\u00f3n de seguridad del mecanismo de cifrado en el backend . Un atacante podr\u00eda aprovechar esta vulnerabilidad para descifrar secretos, sin embargo, este es un ataque de alta complejidad ya que el actor de la amenaza necesita ya poseer esos secretos. La explotaci\u00f3n de este problema requiere un acceso de bajo privilegio a AEM"}], "id": "CVE-2022-30683", "lastModified": "2024-11-21T07:03:09.897", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-16T18:15:12.943", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-657"}], "source": "psirt@adobe.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}