Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed.
The vulnerability consists in the possibility of an unauthenticated attacker forcing the server to execute HTTP requests to any network resources (SSRF). Exploitation does not require user interaction or any prior permissions (PR:N, UI:N). The vector indicates a scope change (Scope Changed), which means that the effects of the attack may extend beyond the directly vulnerable component and affect other systems in the infrastructure.
An attacker can obtain privilege escalation and complete compromise of confidentiality, integrity and availability of the system, potentially extending its scope to resources outside the originally attacked component.
Patches from the vendor must be applied immediately according to the references: https://helpx.adobe.com/security/products/campaign/apsb26-66.html
Adobe Campaign Classic (ACC) in version 7.4.3 build 9394 and all earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H