Adobe Experience Manager Sites & More

manishaa5646486 · 9/2/22

Browser back and refresh button attack vulnerability for Author instance. I have Set Cache-control headers, but issue is partial solved for siteadmin but for welcome screen its exists

Jörg_Hoh · 9/4/22

Please raise a ticket with Adobe support and include a detailled description how to reproduce.

Posting potential security issues here in the forums is not the best way to get them fixed.

Thanks for your help,

Jörg

View solution in original post

Jörg_Hoh · 9/4/22

Please raise a ticket with Adobe support and include a detailled description how to reproduce.

Posting potential security issues here in the forums is not the best way to get them fixed.

Thanks for your help,

Jörg

arunpatidar · 9/5/22

Please raise it with Adobe.

Just a side note:

As AEM Author access is primarily restricted within intranets, it is not exposed to end users, so this won't have a major impact.

Arun Patidar

manishaa5646486 · 9/9/22

thanks for the reply. I have raised some but they have mentioned as this is not considered a vulnerability within our threat model. So, I'm looking for suggestions.

Jörg_Hoh · 9/9/22

so if I understand you right, the Adobe security mentioned that this is not covered by their thread-model, but your own security team (or of the customer you are working with) says it is part of their threat-model?

I don't think that you can solve this difference in understanding. Rather let the security teams talk to each other and resolve it themselves.

manishaa5646486 · 9/13/22

thanks

Adobe Experience Manager Sites & More

Browser back and refresh button attack vulnerability for Author instance.

Browser back and refresh button attack vulnerability for Author instance. I have Set Cache-control headers, but issue is partial solved for siteadmin but for welcome screen its exists

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe