{"cve":{"cve_id":"CVE-2021-40722","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.03273,"epss_percentile":0.86802,"epss_as_of":"2026-06-23","description":"AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.","published_at":"2022-01-13T20:27:18.222000Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-611"],"nvd_references":["https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:16:09.597821Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"adobe","vendor_name":"Adobe","product_slug":"experience-manager","product_name":"Experience Manager","version_start":"unspecified","version_start_inclusive":true,"version_end":"6.5.10.0","version_end_inclusive":true,"cpe23_uri":"cve5:adobe:experience-manager:unspecified:6.5.10.0"},{"vendor_slug":"adobe","vendor_name":"Adobe","product_slug":"experience-manager","product_name":"Experience Manager","version_start":"unspecified","version_start_inclusive":true,"version_end":"None","version_end_inclusive":true,"cpe23_uri":"cve5:adobe:experience-manager:unspecified:None"}],"exploit_refs":[],"news":[],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2022-01-13T20:27:18.222000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:19:30.643420Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:19:30.643420Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:19:30.643420Z","label":"CVSS score revised","source":"cvelistv5"}]}