Adobe Experience Manager (AEM) Multiple Vulnerabilities (APSB16-05) - Active Check (CVE-2016-0955, CVE-2016-0956, CVE-2016-0957, CVE-2016-0958)

Severity
CVSSv3 Score
7.5
Vulnerability description

Adobe Experience Manager (AEM) is prone to multiple vulnerabilities.

Risk description

The following flaws exist:

- CVE-2016-0955: Cross-site scripting (XSS) vulnerability
- CVE-2016-0956: Information disclosure in the Servlets Post component of Apache Sling as used in AEM
- CVE-2016-0957: Dispatcher as used in AEM does not properly implement a URL filter
- CVE-2016-0958: Unspecified vulnerability related to a crafted serialized Java object
- CVE-2016-0955: The flaw allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog
- CVE-2016-0956: Successful exploitation will allow remote unauthenticated users to enumerate local system files/folders that are not accessible publicly to unauthenticated users
- CVE-2016-0957: The flaw allows remote attackers to bypass dispatcher rules via unspecified vectors
- CVE-2016-0958: Unspecified impact

Recommendation

Apply the hotfixes and updates described in the referenced vendor advisory.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 10, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available