Zero-day Exploit Found in Adobe Experience Manager
A zero-day vulnerability has been discovered in a popular content management solution used by high-profile companies including Deloitte, Dell and Microsoft.
The bug in Adobe Experience Manager (AEM) was detected by two members of Detectify’s ethical hacking community. If left unchecked, the weakness allows attackers to bypass authentication and gain access to CRX Package Manager, leaving applications open to remote code execution (RCE) attacks.
“With access to the CRX Package Manager, an attacker could upload a malicious package in Adobe Experience Manager to leverage it to an RCE and gain full control of the application,” said a Detectify spokesperson.
Detectify Crowdsource members Ai Ho (@j3ssiejjj) and Bao Bui (@Jok3rDb) uncovered the vulnerability and named it AEM CRX Bypass.
The pair found that several large organizations were affected by the bug, including Mastercard, LinkedIn, PlayStation and McAfee.
The vulnerability occurs at the CRX package endpoints and can be remediated by blocking public access to the CRX consoles.
A Detectify spokesperson explained: “The CRX Package Manager is accessed by bypassing authentication in Dispatcher, Adobe Experience Manager’s caching and/or load balancing tool.
“Dispatcher checks a user’s access permissions for a page before delivering the cached page and is an essential part of most – if not all – AEM installations. It can be bypassed by adding a lot of special characters in combination in the request.”
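The remediation the article names, blocking public access to the CRX consoles, is normally expressed in the Dispatcher `/filter` section of a `dispatcher.any` file. The following is an added illustration and is not configuration from the article, from Detectify or from Adobe; the rule numbers and the `/content/*` and `/etc.clientlibs/*` allow paths are assumptions for a typical publish site and would differ per installation. The first section shows the kind of permissive filter that leaves the package manager reachable from the internet; the second denies everything by default and then denies the console paths explicitly so that a later, looser allow rule cannot reopen them.

```text
# --- Weak setting (constructed example): everything is allowed through ---
# With a single catch-all allow rule, /crx/packmgr/* and /system/console/*
# on the publish instance are reachable by anyone who can reach Dispatcher.
/filter
  {
  /0001 { /type "allow" /url "*" }
  }

# --- Hardened setting (constructed example): deny by default, allow site content,
# --- and deny the CRX and OSGi consoles explicitly as the last word ---
/filter
  {
  # deny everything unless a later rule allows it
  /0001 { /type "deny"  /url "*" }

  # allow only the paths the public site actually serves (assumed paths)
  /0010 { /type "allow" /url "/content/*" }
  /0011 { /type "allow" /url "/etc.clientlibs/*" }

  # explicit denies placed last: in Dispatcher the last matching rule wins,
  # so these hold even if someone later widens the allow rules above
  /0050 { /type "deny"  /url "/crx/*" }
  /0051 { /type "deny"  /url "/system/*" }
  }
```

Two caveats follow from the article itself. First, the bug described here bypassed Dispatcher's own checks, so a filter rule is a defense-in-depth layer and not a substitute for Adobe's patch; applying the patch is the fix, and the filter limits exposure if a similar bypass appears. Second, filter rules only help on the Dispatcher path: if the AEM publish instance is reachable directly (for example on its own port without Dispatcher in front), the consoles must also be restricted at the network or instance level.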
Security researcher Bao Bui is a former CTF player of the Meepwn CTF Team who started hunting bug bounties around a year ago. Security engineer and developer Ai Ho has been active on the bug bounty scene for two years, building his own bug-catching tools and sharing them on GitHub.
The zero-day flaw was reported to Adobe, who swiftly released a patch for it. The AEM CRX Bypass zero-day was then implemented as a security test module on Detectify’s platform.
“Since it went live in May 2021, around 30 instances of the AEM CRX Bypass vulnerability have been in customers’ web applications,” said a Detectify spokesperson.
Detectify’s scans for more than 80 unique AEM vulnerabilities have generated over 160,000 hits in total so far.