Expand my Community achievements bar.

SOLVED

What Windows Vulnerabilities does AEM Forms 6.5.0-0044 fixes?

Avatar

Level 2

More specifically, I need to know if AEM Forms 6.5.0-0044 fixes the vulnerabilities below.  Thank you.

 

Apache Shiro < 1.8.0 Authentication Bypass

Apache POI < 3.17 Multiple DoS Vulnerabilities

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

@coldwarsoldier 

AEM Forms JEE uses apache-poi 3.17 to address CVE-2017-12626.

I don't see any reference to Apache Shiro i.e Authentication Bypass to address CVE-2021-41303 in the archives so don't think this was reported previously. May have to check if this library is used by any module in AEM Forms JEE or not. 

Please raise a support ticket to get the impact of this vulnerability accessed. Also, a vulnerability scan report will help.

View solution in original post

4 Replies

Avatar

Correct answer by
Employee Advisor

@coldwarsoldier 

AEM Forms JEE uses apache-poi 3.17 to address CVE-2017-12626.

I don't see any reference to Apache Shiro i.e Authentication Bypass to address CVE-2021-41303 in the archives so don't think this was reported previously. May have to check if this library is used by any module in AEM Forms JEE or not. 

Please raise a support ticket to get the impact of this vulnerability accessed. Also, a vulnerability scan report will help.

Avatar

Employee Advisor

@coldwarsoldier Are those being flagged in the security scan? I doubt seeing them in forms.

Avatar

Employee Advisor

@coldwarsoldier In that case you need to log a support case with the security scan report and the team will check further.