An AEM Java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a highly privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Experience_manager | Adobe | * | 6.2.1.20 (including) |
Experience_manager | Adobe | 6.3.0.0 (including) | 6.3.3.8 (including) |
Experience_manager | Adobe | 6.4.0.0 (including) | 6.4.8.1 (including) |
Experience_manager | Adobe | 6.5.0.0 (including) | 6.5.5.0 (including) |
Experience_manager_forms | Adobe | 6.4.8.1 (including) | 6.4.8.1 (including) |
Experience_manager_forms | Adobe | 6.5.5.0 (including) | 6.5.5.0 (including) |