What Windows Vulnerabilities does AEM Forms 6.5.0-0044 fixes?

Forum|Forum|3 years ago
June 10, 2022
2 replies
1024 views

More specifically, I need to know if AEM Forms 6.5.0-0044 fixes the vulnerabilities below. Thank you.

Apache Shiro < 1.8.0 Authentication Bypass

Apache POI < 3.17 Multiple DoS Vulnerabilities

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Pulkit_Jain_

@coldwarsoldier

AEM Forms JEE uses apache-poi 3.17 to address CVE-2017-12626.

I don't see any reference to Apache Shiro i.e Authentication Bypass to address CVE-2021-41303 in the archives so don't think this was reported previously. May have to check if this library is used by any module in AEM Forms JEE or not.

Please raise a support ticket to get the impact of this vulnerability accessed. Also, a vulnerability scan report will help.

Pulkit_Jain_

Accepted solution

Adobe Employee

@coldwarsoldier

AEM Forms JEE uses apache-poi 3.17 to address CVE-2017-12626.

I don't see any reference to Apache Shiro i.e Authentication Bypass to address CVE-2021-41303 in the archives so don't think this was reported previously. May have to check if this library is used by any module in AEM Forms JEE or not.

Please raise a support ticket to get the impact of this vulnerability accessed. Also, a vulnerability scan report will help.