Adobe Experience Manager is a web content management system used by organizations to manage and publish their websites. This vulnerability allows attackers to execute malicious scripts in the context of a user's browser, potentially leading to unauthorized access to sensitive data or taking control of the user's session.
Affected versions: 6.5.23 If you don't recognise this software, you're probably not affected.
Upgrade to Adobe Experience Manager version 6.5.24 or later.
- Immediate mitigations:
* Restrict network access to your AEM instance (firewall it from the public internet)
* Audit admin account activity for suspicious access patterns
* Monitor for unauthorized token creation