9.8
CVE-2026-22583
- EPSS 0.66%
- Veröffentlicht 24.01.2026 00:20:54
- Zuletzt bearbeitet 12.02.2026 16:12:21
- Quelle security@salesforce.com
- CVE-Watchlists
- Unerledigt
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Salesforce ≫ Marketing Cloud Engagement Version < 2026-01-21
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.66% | 0.466 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://help.salesforce.com/s/articleView?id=005299346&type=1