BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Adobe releases emergency updates for Adobe Experience Manager Forms flaws after public PoC

Adobe patched three critical vulnerabilities in Experience Manager Forms on JEE (CVSS scores up to 10.0) that allow unauthenticated remote code execution and authentication bypass, after security researchers published proof-of-concept exploits following Adobe's delayed response to responsible disclosure.

If you're running Adobe Experience Manager (AEM) Forms on JEE (versions 6.5.0 to 6.5.23.0), be aware that the product is critically vulnerable and that there's a public PoC. Immediately apply the available patches, because these forms are exposed to the internet and will be attacked very soon. Alternatively, restrict network access to AEM Forms from external networks until you can patch. But even isolation is only a temporary fix - someone will attack these systems if they are left unpatched.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adobe-releases-emergency-updates-for-adobe-experience-manager-forms-flaes-after-public-poc-w-g-u-2-v/gD2P6Ple2L