Details of RCE Bug in Adobe Experience Manager Revealed
2021-06-29 11:34

Details of a zero-day bug in Adobe's content-management solution, Adobe Experience Manager (AEM), were revealed Monday. The bug affected customers including Mastercard, LinkedIn and PlayStation.

Researchers in the ethical-hacking community Detectify Crowdsource identified the flaw in the CRX Package Manager component of Adobe's AEM. AEM is an enterprise-class tool for creating and managing websites, mobile apps and online forums.

"Packages enable the importing and exporting of repository content, and the Package Manager can be used for configuring, building, downloading, installing and deleting packages on local AEM installations."

Adobe was notified of the bug on March 25, only after Detectify had run a series of tests and validated the flaw.

On May 6, Adobe issued a patch for its AEM platform.

According to researchers, if the vulnerability is left unpatched, attackers can easily access the CRX Package Manager, upload a malicious package within the context of Adobe's AEM solution and carry out a remote-code-execution attack to "gain full control of the application."


News URL

https://threatpost.com/rce-bug-in-adobe-revealed/167382/
