Expand my Community achievements bar.

SOLVED

AEMForms-6.5.0-0038 - Vulnerability CVE-2019-17571 and CVE-2015-4000

Avatar

Level 1
Level 1
9/13/24 4:00:42 AM

I couldn't find topic about how to upgrade log4j AEM. Also is there any problem to reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.

Views

190

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
9/18/24 4:13:12 AM

@ErsinKa 

The two CVEs mentioned are related to different issues:

Apache Log4j <=1.2.17 Remote Code Execution Vulnerability in SocketServer - CVE-2019-17571

This CVE does not impact AEM Forms 6.5.

CVE-2015-4000 is specific to the DHE_EXPORT cipher suite. There are steps[0] to update the secure AEM against various SSL / TLS vulnerabilities and configure the JDK.tls.ephemeralDHKeySize to 2048.
To mitigate the log4j vulnerability, follow the steps mentioned here[1].

Let me know if you have any concerns.

 

[0] - https://helpx.adobe.com/ie/experience-manager/kb/secure-AEM-against-newer-SSL-TLS-attacks-AEM.html 

[1] - https://helpx.adobe.com/in/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html 

View solution in original post

Views

125

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Employee Advisor
Employee Advisor
9/18/24 4:13:12 AM

@ErsinKa 

The two CVEs mentioned are related to different issues:

Apache Log4j <=1.2.17 Remote Code Execution Vulnerability in SocketServer - CVE-2019-17571

This CVE does not impact AEM Forms 6.5.

CVE-2015-4000 is specific to the DHE_EXPORT cipher suite. There are steps[0] to update the secure AEM against various SSL / TLS vulnerabilities and configure the JDK.tls.ephemeralDHKeySize to 2048.
To mitigate the log4j vulnerability, follow the steps mentioned here[1].

Let me know if you have any concerns.

 

[0] - https://helpx.adobe.com/ie/experience-manager/kb/secure-AEM-against-newer-SSL-TLS-attacks-AEM.html 

[1] - https://helpx.adobe.com/in/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html 

Views

126

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Modify properties for Adaptive Form and Adaptive Form Fragment Solved

Views

183

Likes

0

Replies

3
Upgrade AEM65SP17 to AEM65SP21 - upload and install of “adobe-aemfd-linux-pkg-6.0.1244.zip” failed with following errors. Solved

Views

205

Likes

0

Replies

2
Modify List View on Form and Documents

Views

88

Likes

0

Replies

1
unable to create forms theme getting console error and if editing existing theme getting blank page showing jcr:Content not found in error log

Views

118

Likes

0

Replies

1
Adobe Form Designer : Disable or hide the command Save As, Save and Print menu

Views

287

Likes

0

Replies

5