A zero-working day vulnerability has been discovered in a well-liked content material management answer utilized by superior-profile corporations which includes Deloitte, Dell and Microsoft.
The bug in Adobe Working experience Supervisor (AEM) was detected by two members of Detectify’s moral hacking community. If remaining unchecked, the weakness enables attackers to bypass authentication and attain entry to CRX Package deal Manager, leaving apps open to remote code execution (RCE) attacks.
“With access to the CRX Bundle Manager, an attacker could add a malicious package in Adobe Working experience Supervisor to leverage it to an RCE and gain total management of the software,” mentioned a Detectify spokesperson.
Detectify Crowdsource members Ai Ho (@j3ssiejjj) and Bao Bui (@Jok3rDb) uncovered the vulnerability and named it AEM CRX Bypass.
The pair found that numerous massive corporations were being affected by the bug, which include Mastercard, LinkedIn, PlayStation and McAfee.
The vulnerability occurs at CR bundle endpoints and can be remediated by blocking general public access to the CRX consoles.
A Detectify spokesperson defined: “The CRX Offer Supervisor is accessed by bypassing authentication in Dispatcher, Adobe Knowledge Manager’s caching and/or load balancing tool.
“Dispatcher checks user’s accessibility permissions for a webpage ahead of providing the cached page and is an essential component of most – if not all – AEM installations. It can be bypassed by adding a lot of specific characters in mixture in the request.”
Security researcher Bao Bui is a previous CTF participant of the Meepwn CTF Workforce who started hunting bug bounties around a calendar year in the past. Security engineer and developer Ai Ho has been active on the bug bounty scene for two years, creating his very own bug-catching tools and sharing them on GitHub.
The zero-day flaw was claimed to Adobe, who swiftly unveiled a patch for it. The AEM CRX Bypass zero-day was then carried out as a security check module on Detectify’s system.
“Considering the fact that it went are living in May 2021, all over 30 circumstances of the AEM CRX Bypass vulnerability have been in customers’ web programs,” said a Detectify spokesperson.
Detectify’s scans for extra than 80 distinctive AEM vulnerabilities have produced more than 160,000 hits in complete so considerably.
Some elements of this post are sourced from: