S4E

AEM - Adobe Experience Manager UserInfo Servlet Scanner

If UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.

Short Info


Level

Medium

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

13 days 13 hours

Scan only one

URL

Toolbox

-

AEM - Adobe Experience Manager is an enterprise-grade CMS. AEM is widely used by high-profile companies. AEM is big and complex. AEM also has 26 known CVEs. Misconfigured AEM applications can cause many critical vulnerabilities.

Get started to protecting your digital assets