AEMForms-6.5.0-0038 - Vulnerability CVE-2019-17571 and CVE-2015-4000
I couldn't find a topic about how to upgrade log4j in AEM. Also, is there any problem with reconfiguring the service to use a unique Diffie-Hellman moduli of 2048 bits or greater?
The two CVEs mentioned are related to different issues:
Apache Log4j <=1.2.17 Remote Code Execution Vulnerability in SocketServer - CVE-2019-17571
This CVE does not impact AEM Forms 6.5.
CVE-2015-4000 is specific to the DHE_EXPORT cipher suite. There are steps[0] to secure AEM against various SSL/TLS vulnerabilities and configure the jdk.tls.ephemeralDHKeySize to 2048.
To mitigate the log4j vulnerability, follow the steps mentioned here[1].
Let me know if you have any concerns.
[0] - https://helpx.adobe.com/ie/experience-manager/kb/secure-AEM-against-newer-SSL-TLS-attacks-AEM.html
[1] - https://helpx.adobe.com/in/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html
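
An added example, not part of the answer above or of Adobe's documentation: a Python check that reads a JVM command line and a `java.security` fragment and reports whether ephemeral DH is pinned to 2048 bits and whether `jdk.tls.disabledAlgorithms` still accepts smaller DH keys. The function names, the sample command line and the sample `java.security` text are constructed for illustration.

```python
import re

MIN_DH_BITS = 2048  # size named in the answer above
FLAG = "-Djdk.tls.ephemeralDHKeySize="

def ephemeral_dh_setting(jvm_args):
    """Return the value of -Djdk.tls.ephemeralDHKeySize on a JVM command line, or None."""
    value = None
    for tok in jvm_args.split():
        if tok.startswith(FLAG):
            value = tok[len(FLAG):]  # keep the last occurrence (assumed to win if repeated)
    return value

def disabled_dh_floor(java_security_text):
    """Return N from a 'DH keySize < N' entry in jdk.tls.disabledAlgorithms, or None."""
    # java.security continues long values with a trailing backslash; join them first
    text = re.sub(r"\\\s*\n\s*", "", java_security_text)
    for line in text.splitlines():
        if line.strip().startswith("jdk.tls.disabledAlgorithms"):
            m = re.search(r"\bDH\s+keySize\s*<\s*(\d+)", line)
            return int(m.group(1)) if m else None
    return None

def audit(jvm_args, java_security_text):
    """Return a list of findings; an empty list means both settings enforce 2048 bits."""
    findings = []
    size = ephemeral_dh_setting(jvm_args)
    if size is None:
        findings.append("ephemeralDHKeySize not set: the JDK's built-in default applies")
    elif size in ("legacy", "matched"):
        findings.append(f"ephemeralDHKeySize={size}: size is not pinned to {MIN_DH_BITS}")
    elif not size.isdigit() or int(size) < MIN_DH_BITS:
        findings.append(f"ephemeralDHKeySize={size}: below {MIN_DH_BITS} bits")
    floor = disabled_dh_floor(java_security_text)
    if floor is None or floor < MIN_DH_BITS:
        findings.append(f"disabledAlgorithms accepts DH keys under {MIN_DH_BITS} bits (floor={floor})")
    return findings

# Constructed sample input: a weak configuration
SAMPLE_ARGS = "java -Xmx4g -Djdk.tls.ephemeralDHKeySize=1024 -jar app.jar"
SAMPLE_SECURITY = ("# constructed java.security fragment\n"
                   "jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, \\\n"
                   "    DH keySize < 1024, EC keySize < 224\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE_ARGS, SAMPLE_SECURITY):
        print(finding)
```
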