More specifically, I need to know if AEM Forms 6.5.0-0044 fixes the vulnerabilities below. Thank you.
Apache Shiro < 1.8.0 Authentication Bypass
Apache POI < 3.17 Multiple DoS Vulnerabilities
AEM Forms JEE uses apache-poi 3.17 to address CVE-2017-12626.
I don't see any reference to Apache Shiro, i.e. Authentication Bypass to address CVE-2021-41303, in the archives, so don't think this was reported previously. May have to check if this library is used by any module in AEM Forms JEE or not.
Please raise a support ticket to get the impact of this vulnerability assessed. Also, a vulnerability scan report will help.
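Added example, not part of the thread and not Adobe's code: one way to check whether a deployed archive bundles the two libraries named in the scan findings is to walk the EAR/WAR/JAR nesting and compare jar versions against the thresholds in the finding titles (Shiro 1.8.0, POI 3.17). It assumes jars keep Maven-style file names, so shaded or renamed copies are not detected; the sample archive and its file names are constructed for illustration.

```python
import io
import re
import zipfile

# Thresholds come from the two scanner findings quoted in the question.
FIXED_IN = {"shiro": (1, 8, 0), "poi": (3, 17)}
# Assumption: bundled jars keep Maven-style names such as shiro-core-1.7.1.jar.
JAR_NAME = re.compile(r"(?:^|/)(shiro|poi)(?:-[a-z][a-z0-9-]*)?-(\d+(?:\.\d+)*)[^/]*\.jar$")


def is_older(version, fixed):
    """Compare dotted versions as integer tuples, zero-padded so 1.8 == 1.8.0."""
    found = [int(part) for part in version.split(".")]
    found += [0] * (len(fixed) - len(found))
    return tuple(found) < fixed + (0,) * (len(found) - len(fixed))


def scan_archive(data, path="", findings=None):
    """Walk a zip-based archive in memory, including nested ones, for old jars."""
    findings = [] if findings is None else findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            full = f"{path}!/{name}" if path else name
            match = JAR_NAME.search(name)
            if match:
                if is_older(match.group(2), FIXED_IN[match.group(1)]):
                    findings.append((full, match.group(1), match.group(2)))
            elif name.lower().endswith((".ear", ".war", ".jar", ".zip")):
                try:
                    scan_archive(zf.read(name), full, findings)
                except zipfile.BadZipFile:
                    pass  # entry is not a readable archive; skip it
    return findings


def build_sample_ear():
    """Constructed sample: an EAR holding a WAR with three placeholder jars."""
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        for jar in ("shiro-core-1.7.1.jar", "poi-3.17.jar", "poi-ooxml-3.15.jar"):
            zf.writestr(f"WEB-INF/lib/{jar}", b"")
    ear = io.BytesIO()
    with zipfile.ZipFile(ear, "w") as zf:
        zf.writestr("sample.war", war.getvalue())
    return ear.getvalue()


if __name__ == "__main__":
    for location, library, version in scan_archive(build_sample_ear()):
        print(f"{library} {version} is older than the fixed version: {location}")
```

To scan a real deployment, pass the bytes of the archive file to `scan_archive`; the output lists each hit with its nesting path, which can be attached to the support case alongside the scan report.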
@coldwarsoldier Are those being flagged in the security scan? I doubt seeing them in forms.
Yes, these vulnerabilities were found during a scan.
@coldwarsoldier In that case you need to log a support case with the security scan report and the team will check further.