Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
https://helpx.adobe.com/security/products/experience-manager/apsb19-48.html