updated quick start jar

Level 3

Is it possible to get an updated quickstart jar with all updated dependencies?

Our security scans keep reporting that it contains a lot of security issues.

It is about 25 in the initial jar and 49 in the unpacked one.

 

cq6-publish-p7503.jar

 

CVE-2021-35043
CVE-2019-16869
CVE-2018-1002202
CVE-2022-29577
CVE-2019-0231
CVE-2022-28366
CVE-2017-5929
CVE-2021-40690
CVE-2019-0201
CVE-2023-24998
CVE-2022-45064
CVE-2021-43797
CVE-2020-28491
CVE-2022-28367
CVE-2016-5018
CVE-2018-12536
CVE-2022-41704
CVE-2017-12620
CVE-2022-42890
CVE-2023-26513
CVE-2019-12402
CVE-2019-12400
CVE-2021-35515
CVE-2016-6796
CVE-2021-35516

 

cq-quickstart-6.5.0-standalone-quickstart.jar

CVE-2019-20444
CVE-2018-12022
CVE-2022-23437
CVE-2019-10247
CVE-2022-23457
CVE-2022-22968
CVE-2018-1272
CVE-2022-22970
CVE-2023-25621
CVE-2017-10355
CVE-2018-19360
CVE-2021-23792
CVE-2018-14719
CVE-2022-24891
CVE-2013-4002
CVE-2015-5237
CVE-2018-1000873
CVE-2016-5007
CVE-2009-2625
CVE-2023-20863
CVE-2019-20445
CVE-2020-14338
CVE-2018-12023
CVE-2012-0881
CVE-2018-11307
CVE-2023-20861
CVE-2021-22570
CVE-2018-19361
CVE-2018-1257
CVE-2022-35278
CVE-2018-14721
CVE-2022-2047
CVE-2018-1275
CVE-2017-7656
CVE-2018-14720
CVE-2022-22971
CVE-2022-22965
CVE-2022-22950
CVE-2018-14718
CVE-2020-1940
CVE-2023-25141
CVE-2020-5421
CVE-2018-19362
CVE-2019-10241
CVE-2018-1271
CVE-2018-1270
CVE-2018-15756
CVE-2013-5960
CVE-2019-13990
7 Replies

Community Advisor

@broman__pl  You should be able to grab a new service pack for AEM 6.5 from the software distribution portal.

https://experience.adobe.com/#/downloads/content/software-distribution/en/aem.html

 

You can also look at the release notes for 6.5 to see what fixes were made in each of those release packs.

 

https://experienceleague.adobe.com/docs/experience-manager-65/release-notes/release-notes.html?lang=...

 

Level 3

I have installed the SP on top of the AEM instance, but those initial jars are still there and the VM scan keeps reporting those issues, as it is aem.6.5.0 and it includes all the original jar dependencies with security issues.

 

Community Advisor

@broman__pl  You can refer to the AEM security bulletin to see which AEM version has a quickstart file that contains fixes to the issues that you listed - https://helpx.adobe.com/security/security-bulletin.html#experience-manager

Accordingly, you can plan to upgrade to a higher AEM version.

 

Level 3

Sorry, but there is only a list of fixes and SPs or hot fixes; for the quickstart I only see the initial one and don't see any updated one.

Level 3

In this case, try to look for the jar dependencies with Maven and update to a recent version, as this might be related to the Java/Maven project and not specific to AEM.

Level 3

No, all those security issues are related to this actual jar file, not AEM itself.

Level 3

If it is related to the actual AEM jar file, you might need to open a ticket with Adobe.
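
One way to triage scanner findings like those in this thread, as an added example that is not part of the original posts and not Adobe tooling: it lists the Maven coordinates of libraries bundled in a jar, including jars nested inside it, so each reported CVE can be traced to a specific embedded component and file. The sample archive and the `org.example` coordinates are constructed, and the script assumes bundled libraries carry a `META-INF/maven/.../pom.properties` entry.

```python
import io
import zipfile

ARCHIVE_EXTS = (".jar", ".zip", ".war")

def parse_pom_properties(text):
    """Return (groupId, artifactId, version) from a Maven pom.properties body."""
    props = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props.get("groupId"), props.get("artifactId"), props.get("version")

def inventory(data, path="", max_depth=5):
    """List (container, groupId, artifactId, version) for an archive and nested archives."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                gav = parse_pom_properties(zf.read(info).decode("utf-8", "replace"))
                found.append((path or "<top level>", *gav))
            elif name.lower().endswith(ARCHIVE_EXTS) and max_depth > 0:
                nested = f"{path}!/{name}" if path else name
                try:
                    found += inventory(zf.read(info), nested, max_depth - 1)
                except zipfile.BadZipFile:
                    pass  # entry has an archive extension but is not a zip
    return found

def make_jar(entries):
    """Build an in-memory jar from {entry name: content} (used for the sample only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample():
    """Constructed stand-in for a quickstart jar: one library on top, one nested."""
    inner = make_jar({"META-INF/maven/org.example/lib-b/pom.properties":
                      "groupId=org.example\nartifactId=lib-b\nversion=1.0.0\n"})
    return make_jar({"META-INF/maven/org.example/lib-a/pom.properties":
                     "#Generated\ngroupId=org.example\nartifactId=lib-a\nversion=2.3.1\n",
                     "static/app/lib-b-1.0.0.jar": inner})

if __name__ == "__main__":
    for container, g, a, v in inventory(build_sample()):
        print(f"{container}: {g}:{a}:{v}")
```

For a file on disk, pass its bytes (`open(path, "rb").read()`) to `inventory`; nested archives are read fully into memory.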