Adobe Experience Manager Sites & More

anagunt · 6/22/23

One of our security team member was successful in accessing critical AEM nodes by bypassing dispatcher using this special encoding technique that uses ASCII code for the } character (Example: * /.%7D./.%7D./.%7D./.%7D./.%7D./)

To bypass authentication they downloaded an auth certificate using this vulnerability.

We were able to address this by adding few entries in dispatcher filters.

But we are not able to understand why ' } ' worked as valid bypass?

ManviSharma · 6/26/23

Hi,

The specific reason why '}' worked as a valid bypass would require further investigation into the specific vulnerabilities present in your AEM implementation and the encoding technique being used.

However, It could be related to how the application interprets or mishandles special characters in certain contexts.

View solution in original post

ManviSharma · 6/26/23

Hi,

The specific reason why '}' worked as a valid bypass would require further investigation into the specific vulnerabilities present in your AEM implementation and the encoding technique being used.

However, It could be related to how the application interprets or mishandles special characters in certain contexts.

dsrivastava · 7/27/23

Hi @ManviSharma

Is there a fix to circumvent this? This looks like an Adobe OOTB issue and multiple clients are having to figure temporary workarounds to fix this

Devanshi

Adobe Experience Manager Sites & More

Dispatcher vulnerability is allowing access to AEM nodes by using special encoding technique

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe