You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It has been identified that there is a bug in Adobe AEM which allows attackers to bypass authentication and gain access to CRX Package Manager through dispatcher. Packages enable the importing and exporting of repository content, and the Package Manager can be used for configuring, building, downloading, installing and deleting packages on local AEM installations. With access to the CRX Package Manager, an attacker could upload a malicious package in Adobe Experience Manager to leverage it to a Remote Control Execution (RCE) and gain full control of the application. AEM Opencloud has already blocked such endpoints previously.
To Reproduce
Steps to reproduce the behavior:
Create a fullset environment using aem-opencloud v5.2.0
Expected behavior
This endpoint should be blocked through publish dispatcher endpoint and redirect/take them to default site error page.
Screenshots
Environment (please complete the following information if relevant):
Full Set using aem-opencloud v5.2.0
Additional context
This vulnerability can be remediated by blocking public access to the CRX console (blocking all access to endpoints: /content/..;/crx/*) in the dispatcher rules.
Also ensure this path is included in inspec-aem-security, so that it verifies the path is added to blocked list.
The text was updated successfully, but these errors were encountered:
Describe the bug
It has been identified that there is a bug in Adobe AEM which allows attackers to bypass authentication and gain access to CRX Package Manager through dispatcher. Packages enable the importing and exporting of repository content, and the Package Manager can be used for configuring, building, downloading, installing and deleting packages on local AEM installations. With access to the CRX Package Manager, an attacker could upload a malicious package in Adobe Experience Manager to leverage it to a Remote Control Execution (RCE) and gain full control of the application. AEM Opencloud has already blocked such endpoints previously.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
This endpoint should be blocked through publish dispatcher endpoint and redirect/take them to default site error page.
Screenshots
Environment (please complete the following information if relevant):
Additional context
This vulnerability can be remediated by blocking public access to the CRX console (blocking all access to endpoints: /content/..;/crx/*) in the dispatcher rules.
Also ensure this path is included in inspec-aem-security, so that it verifies the path is added to blocked list.
The text was updated successfully, but these errors were encountered: