Serviceteam IT Security News

Zero-day Exploit Found in Adobe Experience Manager

A zero-day vulnerability has been discovered in a popular content management solution used by high-profile companies including Deloitte, Dell and Microsoft.

The bug in Adobe Experience Manager (AEM) was detected by two members of Detectify’s ethical hacking community. If left unchecked, the weakness allows attackers to bypass authentication and gain access to CRX Package Manager, leaving applications open to remote code execution (RCE) attacks.

"With access to the CRX Package Manager, an attacker could upload a malicious package in Adobe Experience Manager to leverage it to an RCE and gain full control of the application," said a Detectify spokesperson.

Detectify Crowdsource members Ai Ho (@j3ssiejjj) and Bao Bui (@Jok3rDb) uncovered the vulnerability and named it AEM CRX Bypass. 

The pair found that several large organizations were affected by the bug, including Mastercard, LinkedIn, PlayStation and McAfee. 

The vulnerability occurs at CRX package endpoints and can be remediated by blocking public access to the CRX consoles.

A Detectify spokesperson explained: "The CRX Package Manager is accessed by bypassing authentication in Dispatcher, Adobe Experience Manager’s caching and/or load balancing tool. 

"Dispatcher checks a user's access permissions for a page before delivering the cached page and is an essential part of most – if not all – AEM installations. It can be bypassed by adding a lot of special characters in combination in the request."
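The filter layer the spokesperson describes is configured in Dispatcher's dispatcher.any file. The fragment below is an added illustration, not configuration taken from the article, Detectify or Adobe: it shows the deny-by-default shape that blocks public access to the CRX consoles, as the article recommends. The allowed content paths are assumptions for a typical public site, and the rule numbers are arbitrary.

```text
/filter
  {
  # Deny everything that is not explicitly allowed below.
  /0001 { /type "deny"  /url "*" }

  # Assumed public paths for a typical site: page content and client libraries.
  /0002 { /type "allow" /url "/content/*" }
  /0003 { /type "allow" /url "/etc.clientlibs/*" }

  # Administrative consoles stay blocked even if a later allow rule is too broad.
  # /crx/* covers CRX Package Manager (/crx/packmgr) and CRXDE (/crx/de).
  /0010 { /type "deny"  /url "/crx/*" }
  /0011 { /type "deny"  /url "/system/console/*" }
  }
```

Adobe's patch remains the actual fix for the reported flaw; a Dispatcher filter is defence in depth. Because the reported bypass relied on unusual request characters, a deny rule is only as good as the path normalisation applied before matching, so after deploying a change like this, confirm on the installed Dispatcher version that requests for /crx/ paths are refused at the Dispatcher rather than forwarded to the AEM publish instance.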

Security researcher Bao Bui is a former CTF player of the Meepwn CTF Team who started hunting bug bounties around a year ago. Security engineer and developer Ai Ho has been active on the bug bounty scene for two years, building his own bug-catching tools and sharing them on GitHub.  

The zero-day flaw was reported to Adobe, who swiftly released a patch for it. The AEM CRX Bypass zero-day was then implemented as a security test module on Detectify’s platform. 

"Since it went live in May 2021, around 30 instances of the AEM CRX Bypass vulnerability have been found in customers' web applications," said a Detectify spokesperson.

Detectify's scans for more than 80 unique AEM vulnerabilities have generated over 160,000 hits in total so far. 

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!
