Adobe Experience Manager XSS

MEDIUM (5.4) No Patch (4 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 8%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Adobe Experience Manager (AEM) is a web content management system used by organizations to manage and publish their websites. This is a cross-site scripting (XSS) vulnerability: an attacker who can get a malicious script into a page served by AEM has that script executed in the victim's browser, within the origin of the site. From there the script can read data the page exposes and act with the victim's session, including an administrator's session if the victim is logged in to the authoring or administration interface.

Am I affected?

Affected versions: 6.5.23. If you don't recognise this software, you're probably not affected.

Affected Packages

maven: org.apache.sling:core-jcr-2.5.1

Affected Products

Adobe Inc. / Adobe Experience Manager

How to fix

Upgrade to Adobe Experience Manager 6.5.24 or later.
Maven: Update the aem-core dependency in your pom.xml file.
Immediate mitigations (until the upgrade is in place):
- Restrict network access to your AEM instance (firewall it from the public internet; at minimum keep author instances and administration consoles off the public internet). Note that this limits who can reach the instance, not what an injected script can do once a legitimate user loads it.
- Reduce the impact of a successful XSS: serve a Content-Security-Policy that does not allow inline script, and mark session cookies HttpOnly, Secure and SameSite so injected script cannot read them.
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
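Two quick checks a practitioner can run while the upgrade is pending, added here as an example and not taken from the advisory or from Adobe: a version classifier that follows the advisory's own numbers (6.5.23 affected, 6.5.24 fixed; anything older is flagged for review because the advisory does not list it), and an inspection of HTTP response headers for the browser-side controls that limit what an XSS can do (CSP, HttpOnly/Secure/SameSite cookies, `nosniff`). The sample responses, including the `login-token` cookie value, are constructed for illustration; the header checks are generic XSS hardening, not a detection for this specific bug.

```python
import re

AFFECTED_VERSION = "6.5.23"   # from the advisory
FIXED_VERSION = "6.5.24"      # from the advisory ("upgrade to 6.5.24 or later")


def parse_version(version: str) -> tuple:
    """'6.5.23' -> (6, 5, 23). Ignores non-numeric suffixes such as '-SNAPSHOT'
    and keeps only the first three components so '6.5.23.0' equals '6.5.23'."""
    return tuple(int(p) for p in re.findall(r"\d+", version))[:3]


def version_status(version: str) -> str:
    """Classify a reported AEM version against the advisory.

    'affected' : exactly the listed 6.5.23
    'fixed'    : 6.5.24 or later
    'review'   : older than 6.5.23; the advisory lists only 6.5.23, so
                 older service packs are not confirmed either way
    """
    v = parse_version(version)
    if v >= parse_version(FIXED_VERSION):
        return "fixed"
    if v == parse_version(AFFECTED_VERSION):
        return "affected"
    return "review"


def parse_csp(policy: str) -> dict:
    """Split a Content-Security-Policy value into {directive: [tokens]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def assess_xss_defences(headers: list) -> list:
    """Return findings for response headers given as (name, value) pairs.
    A list is used instead of a dict so repeated Set-Cookie lines survive."""
    findings = []
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    csp = by_name.get("content-security-policy")
    if not csp:
        findings.append("no Content-Security-Policy header")
    else:
        directives = parse_csp(csp[0])
        # script-src governs script execution; default-src is its fallback.
        script = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script or "*" in script:
            findings.append("CSP script-src permits inline or wildcard script")
        if "script-src" not in directives and "default-src" not in directives:
            findings.append("CSP sets neither script-src nor default-src")

    if "nosniff" not in " ".join(by_name.get("x-content-type-options", [])).lower():
        findings.append("missing X-Content-Type-Options: nosniff")

    for cookie in by_name.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower(): (p.split("=", 1)[1] if "=" in p else True)
                 for p in parts[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name} lacks HttpOnly (readable by injected script)")
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name} lacks Secure")
        if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
            findings.append(f"cookie {cookie_name} lacks SameSite=Lax/Strict")
    return findings


# Constructed sample responses (not captured from a real instance).
WEAK_RESPONSE = [
    ("Content-Type", "text/html;charset=utf-8"),
    ("Set-Cookie", "login-token=constructed-value; Path=/"),
]

HARDENED_RESPONSE = [
    ("Content-Type", "text/html;charset=utf-8"),
    ("Content-Security-Policy",
     "default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "login-token=constructed-value; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for v in ("6.5.22", "6.5.23", "6.5.24"):
        print(v, version_status(v))
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, assess_xss_defences(response) or ["no findings"])
```

To use it against a live instance, feed `assess_xss_defences` the `(name, value)` pairs from the response of a page that sets the session cookie; the version string comes from wherever your inventory records the installed service pack. A clean result from the header check does not mean the vulnerability is absent, only that a successful injection has less to work with.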
