AEM Security Vulnerability

Hello Everyone,


One of my clients is utilizing AEM Cloud, but our internal team has discovered a critical vulnerability that has not been communicated by the Adobe Cloud team.
Here are the steps to replicate the issue:

 

  1. Launch a web browser.
  2. Go to the URL: https://<domain>/bin/querybuilder.json;x='x/graphql/execute/json/'? path=/etc&p.hits=full&p.limit=-1
  3. Notice that the endpoint can be accessed without any authentication.
  4. This endpoint can be utilized to explore internal content structures by adjusting the query parameters accordingly.

 

I would like to know if anyone else has encountered this vulnerability. If so, how was it addressed?


Has Adobe Cloud provided a solution (please include the security patch number or Adobe link), or did your development team handle it?

 

Please share the details of any solutions that were implemented.

 

Note: Though I found the blog, I need to understand which Adobe Security Patch is linked to it.

 

 

0 Replies
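A log check for the request pattern in the steps above, added here as an example and not part of the original post: it flags access-log entries whose path, cut at the first `;`, is the QueryBuilder servlet, and records whether the request was served and whether it asked for `p.limit=-1`. The log format, the sample lines and the function names are constructed for this example.

```python
import re
from urllib.parse import unquote, parse_qs

# Constructed sample access-log lines (common log format); addresses are
# documentation ranges, timestamps and response sizes are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2025:10:01:22 +0000] "GET /bin/querybuilder.json;x='x/graphql/execute/json/'?path=/etc&p.hits=full&p.limit=-1 HTTP/1.1" 200 48213
198.51.100.4 - - [12/Mar/2025:10:02:03 +0000] "GET /graphql/execute/json/site/articles HTTP/1.1" 200 912
198.51.100.9 - - [12/Mar/2025:10:02:40 +0000] "GET /bin/querybuilder.json?path=/content HTTP/1.1" 404 0
203.0.113.7 - - [12/Mar/2025:10:03:11 +0000] "GET /bin/querybuilder.json%3bx='x/graphql/execute/json/'?path=/etc&p.limit=-1 HTTP/1.1" 200 50110
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def classify(target, status):
    """Return a finding dict if the request addressed QueryBuilder, else None."""
    raw_path, _, query = target.partition("?")
    path = unquote(raw_path)  # also catches an encoded ';' (%3b)
    # Assumption of this example: compare only the part before the first ';',
    # so text placed in a path parameter cannot disguise the real servlet path.
    base = path.split(";", 1)[0]
    if not base.lower().startswith("/bin/querybuilder."):
        return None
    params = parse_qs(query)
    return {
        "served": status.startswith("2"),          # 2xx: content was returned
        "path_parameter": ";" in path,             # ';x=...' appended to the path
        "unbounded": params.get("p.limit") == ["-1"],
        "full_hits": params.get("p.hits") == ["full"],
        "search_root": params.get("path", [""])[0],
    }

def scan(log_text):
    """Return one finding per QueryBuilder request found in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, _method, target, status = m.groups()
        finding = classify(target, status)
        if finding:
            findings.append({"client": client, **finding})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

Entries with `served` true for a client that sent no session or credentials are the ones to raise with whoever owns the dispatcher filter rules.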