Adobe Experience Manager (AEM) CRX Namespace Editor Panel Detected

medium Web App Scanning Plugin ID 115052

Language:

Synopsis

Adobe Experience Manager (AEM) CRX Namespace Editor Panel Detected

Description

This plugin detects the presence of the Adobe Experience Manager (AEM) CRX Namespace Editor panel on a web application. The CRX Namespace Editor panel is part of the AEM's content repository management interface, allowing administrators to manage namespaces and node types within the repository. Unauthorized access to this panel can lead to potential security risks, including unauthorized modifications to the content repository structure.

Solution

Restrict access to administrative functionality using a .htaccess file, limiting access to known IP Addresses.

Plugin Details

Severity: Medium

ID: 115052

Type: remote

Family: Web Applications

Published: 12/4/2025

Updated: 12/4/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information

CWE: 16

OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A5

WASC: Application Misconfiguration

OWASP API: 2019-API7, 2023-API8