Zero-day Exploit Detected in Adobe Experience Manager

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

A zero-day vulnerability in a prominent content management solution used by high-profile firms such as Deloitte, Dell, and Microsoft has been found. 
The flaw in Adobe Experience Manager (AEM) was detected by two members of Detectify’s ethical hacking community.
Adobe Experience Manager (AEM) is a popular content management system for developing digital customer experiences like websites, mobile apps, and forms. AEM has become the primary Content Management System (CMS) for many high-profile businesses due to its comprehensiveness and ease of use. 
The flaw allows attackers to bypass authentication and obtain access to CRX Package Manager, making applications vulnerable to remote code execution (RCE) attacks. It affects CRX package endpoints and can be fixed by denying public access to the CRX consoles.
A Detectify spokesperson stated, “With access to the CRX Package Manager, an attacker could upload a malicious package in Adobe Experience Manager to leverage it to an RCE and gain full control of the application.”
Ai Ho and Bao Bui, members of Detectify Crowdsource, initially detected the vulnerability in an instance of AEM used by Sony Interactive Entertainment’s PlayStation subsidiary in December 2020. Three months later, the AEM CRX bypass was discovered within various Mastercard subdomains. The issues were reported to Sony and Mastercard at the time. 
Mas

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
