
AEM - Adobe Experience Manager UserInfo Servlet Scanner
If UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
13 days 13 hours
Scan only one
URL
Toolbox
-
AEM - Adobe Experience Manager is an enterprise-grade CMS. AEM is widely used by high-profile companies. AEM is big and complex. AEM also has 26 known CVEs. Misconfigured AEM applications can cause many critical vulnerabilities.