Adobe Experience Manager Sites & More

akank_23 · 6/28/21

Hi All,

WE have csrf vulnerabilty that needs to be remediated.

Please help in remediating this issue.

How we can fix this.

markus_bulla_adobe · 6/28/21

Handling potential security vulnerabilities (incl. CSRF) can be a very individual process.

If you are referring to a vulnerability in AEM (the product; not custom code), please check the latest security fixes / service packs and their according release notes. If you have indications that the vulnerability may not yet be addressed, please reach out to Adobes customer care to make them aware of it.

You can reach customer care through the Adobe Admin Console. Please refer to this article on how to access the support portal and how to create a ticket. Some information about properly qualifying your request can be found here.

General recommendation before filing your ticket is:

Ensure that you have the latest service packs installed.
Ideally, the issue should be reproducible on a "vanilla" instance (means: a plain instance without any custom code). This will help customer care to reproduce the issue on their end.

If you are referring to a vulnerability in your projects code, there is some general advice as mentioned by @Ritesh_Mittal. Without knowledge about the details, it is hard to give any advice beyond that.

Hope that helps!

View solution in original post

Ritesh_Mittal · 6/28/21

Hi @akank_23 ,

We have documentation available to prevent this-

https://experienceleague.adobe.com/docs/experience-manager-65/forms/administrator-help/configure-use...

https://experienceleague.adobe.com/docs/experience-manager-65/developing/introduction/csrf-protectio...

If those are not helping then can you please explain what issue you are facing exactly?

markus_bulla_adobe · 6/28/21

Hi @akank_23!

Handling potential security vulnerabilities (incl. CSRF) can be a very individual process.

If you are referring to a vulnerability in AEM (the product; not custom code), please check the latest security fixes / service packs and their according release notes. If you have indications that the vulnerability may not yet be addressed, please reach out to Adobes customer care to make them aware of it.

You can reach customer care through the Adobe Admin Console. Please refer to this article on how to access the support portal and how to create a ticket. Some information about properly qualifying your request can be found here.

General recommendation before filing your ticket is:

Ensure that you have the latest service packs installed.
Ideally, the issue should be reproducible on a "vanilla" instance (means: a plain instance without any custom code). This will help customer care to reproduce the issue on their end.

If you are referring to a vulnerability in your projects code, there is some general advice as mentioned by @Ritesh_Mittal. Without knowledge about the details, it is hard to give any advice beyond that.

Hope that helps!

akank_23 · 6/28/21

Its about the product not the local site, how can i connect to adobe Customer care ???? @markus

markus_bulla_adobe · 6/28/21

Hi @akank_23!

I have updated my answer with some links and instructions on how to contact client care. This can be done through Adobes Admin Console (menu "Support", button "Create case"). You will need the according access permission in Admin Console for your organization. If that's not the case, please reach out to the responsible person within your organization to either grant you the permissions or create the ticket on your behalf.

Hope that helps!