Zero-day Exploit Found in Adobe Experience Manager

A zero-day vulnerability has been found in Adobe Experience Manager, a widely deployed content management platform used by high-profile companies including Deloitte, Dell and Microsoft.

The bug in Adobe Experience Manager (AEM) was detected by two members of Detectify's ethical hacking community. If left unchecked, the weakness allows attackers to bypass authentication and reach the CRX Package Manager, leaving affected installations open to remote code execution (RCE).

"With access to the CRX Package Manager, an attacker could upload a malicious package in Adobe Experience Manager to leverage it to an RCE and gain full control of the application," said a Detectify spokesperson.

Detectify Crowdsource members Ai Ho (@j3ssiejjj) and Bao Bui (@Jok3rDb) uncovered the vulnerability and named it AEM CRX Bypass.

The pair found that several large organizations were affected by the bug, including Mastercard, LinkedIn, PlayStation and McAfee.

The vulnerability lies in the CRX package endpoints and can be remediated by blocking public access to the CRX consoles.
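As an added illustration of that remediation (this is example configuration written for this article, not Detectify's or Adobe's own), the fragment below shows a Dispatcher filter section in the dispatcher.any format with the weak setting beside the corrected one. The deny-by-default layout follows Adobe's shipped sample file; the rule numbers are assumptions chosen for this example, and /crx/de and /crx/packmgr are the standard paths of CRXDE and the CRX Package Manager.

```conf
/filter
  {
  # Deny everything first, then allow only what the public site needs.
  # Dispatcher applies the last matching rule, so order matters.
  /0001 { /type "deny"  /url "*" }

  # Weak setting: opening the repository consoles (CRXDE, Package Manager)
  # to the public. Adobe's sample file ships this commented out; it must
  # stay off on any Dispatcher that fronts an internet-facing instance.
  # /0011 { /type "allow" /url "/crx/*" }

  # Public content the site actually serves.
  /0002 { /type "allow" /url "/content*" }

  # Corrected setting: an explicit deny for the CRX consoles so that no
  # later, broader allow rule can reopen them by accident.
  # Rule number /0015 is an assumption for this example.
  /0015 { /type "deny"  /url "/crx*" }
  }
```

After deploying the filter, check from outside the network that requests to /crx/de/index.jsp and /crx/packmgr/index.jsp no longer return 200. Since the article describes the attack as a bypass of Dispatcher itself, treat this filter as one layer of defence and confirm the actual responses rather than trusting the rule on paper.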

A Detectify spokesperson explained: "The CRX Package Manager is accessed by bypassing authentication in Dispatcher, Adobe Experience Manager’s caching and/or load balancing tool. 

"Dispatcher checks a user's access permissions for a page before delivering the cached page and is an essential part of most, if not all, AEM installations. It can be bypassed by adding a lot of ..