More specifically, I need to know if AEM Forms 6.5.0-0044 fixes the vulnerabilities below. Thank you.
Apache Shiro < 1.8.0 Authentication Bypass
Apache POI < 3.17 Multiple DoS Vulnerabilities
Solved! Go to Solution.
Views
Replies
Total Likes
AEM Forms JEE uses apache-poi 3.17 to address CVE-2017-12626.
I don't see any reference to Apache Shiro i.e Authentication Bypass to address CVE-2021-41303 in the archives so don't think this was reported previously. May have to check if this library is used by any module in AEM Forms JEE or not.
Please raise a support ticket to get the impact of this vulnerability accessed. Also, a vulnerability scan report will help.
AEM Forms JEE uses apache-poi 3.17 to address CVE-2017-12626.
I don't see any reference to Apache Shiro i.e Authentication Bypass to address CVE-2021-41303 in the archives so don't think this was reported previously. May have to check if this library is used by any module in AEM Forms JEE or not.
Please raise a support ticket to get the impact of this vulnerability accessed. Also, a vulnerability scan report will help.
@coldwarsoldier Are those being flagged in the security scan? I doubt seeing them in forms.
Yes, these vulnerabilities were found during a scan
@coldwarsoldier In that case you need to log a support case with the security scan report and the team will check further.
Views
Likes
Replies