Adobe Experience Manager (AEM) Dispatcher Bypass

High | Web App Scanning Plugin ID 115061

Synopsis

Adobe Experience Manager (AEM) Dispatcher Bypass

Description

The remote Adobe Experience Manager (AEM) instance is affected by a Dispatcher misconfiguration that allows its security filters to be bypassed. By sending a specially crafted request, an unauthenticated, remote attacker can reach internal endpoints, such as the QueryBuilder JSON API. A successful exploit could lead to unauthorized access and information disclosure.

Solution

It is recommended to review and strengthen the AEM Dispatcher's filter rules to follow a 'deny by default' approach. Ensure that access to sensitive administrative and internal endpoints, such as `/bin/querybuilder.json`, is explicitly denied. Consult the Adobe Experience Manager Dispatcher Security Checklist for comprehensive guidance on securing the dispatcher configuration.
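The following is an added example, not part of this plugin page and not Tenable's or Adobe's code. It models how Dispatcher evaluates the /filter section (rules are applied in order and the last matching rule decides) so that a defender can audit a filter configuration offline before deploying it. The three configurations, the sample URLs and the path /bin/example-internal-servlet are constructed for illustration; the parser only understands single-line rules of the form /NNNN { /type "..." /url "..." }, and glob matching is approximated with Python's fnmatch.

```python
"""Offline audit of AEM Dispatcher /filter rules (added example, not vendor code).

Assumptions made by this model, all labelled:
- Only single-line rules of the form /NNNN { /type "allow|deny" /url "<glob>" }
  are parsed; /method, /path, /selectors, /extension and /suffix are ignored.
- Dispatcher glob matching is approximated with Python's fnmatchcase.
- Rules are evaluated in order and the last matching rule wins, which is the
  documented Dispatcher behaviour; the "no rule matched" default below is a
  choice of this model, so every constructed config starts with a catch-all.
"""
import re
from fnmatch import fnmatchcase

RULE_RE = re.compile(
    r'/\d+\s*\{\s*/type\s+"(allow|deny)"\s+/url\s+"([^"]+)"\s*\}'
)

# Constructed: allow everything, then try to block one known endpoint (blocklist).
PERMISSIVE_FILTER = """
/filter
  {
  /0001 { /type "allow" /url "*" }
  /0002 { /type "deny" /url "/bin/querybuilder.json" }
  }
"""

# Constructed: the deny comes first, then a broad allow overrides it (ordering mistake).
MISORDERED_FILTER = """
/filter
  {
  /0001 { /type "deny" /url "/bin/querybuilder.json" }
  /0002 { /type "allow" /url "*" }
  }
"""

# Constructed: deny by default, allow only public content and client libraries,
# and deny the QueryBuilder endpoints explicitly as the Solution recommends.
HARDENED_FILTER = """
/filter
  {
  /0001 { /type "deny" /url "*" }
  /0002 { /type "allow" /url "/content/*" }
  /0003 { /type "allow" /url "/etc.clientlibs/*" }
  /0004 { /type "deny" /url "/bin/querybuilder*" }
  }
"""

# Constructed request paths; the last one is a hypothetical internal servlet.
SAMPLE_URLS = [
    "/content/site/en.html",
    "/etc.clientlibs/site/clientlibs/site.css",
    "/bin/querybuilder.json",
    "/bin/example-internal-servlet",
]


def parse_filter(text):
    """Return the (action, url_glob) pairs found in a dispatcher.any /filter block."""
    return [(m.group(1), m.group(2)) for m in RULE_RE.finditer(text)]


def decide(rules, url):
    """Apply rules in order; the last rule whose glob matches the URL decides."""
    verdict = "deny"  # model default for "nothing matched" (see module docstring)
    for action, glob in rules:
        if fnmatchcase(url, glob):
            verdict = action
    return verdict


def audit(filter_text, urls):
    """Map every URL to the verdict the given filter configuration produces."""
    rules = parse_filter(filter_text)
    return {url: decide(rules, url) for url in urls}


if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE_FILTER),
                      ("misordered", MISORDERED_FILTER),
                      ("hardened", HARDENED_FILTER)):
        print(name)
        for url, verdict in audit(cfg, SAMPLE_URLS).items():
            print(f"  {verdict:5}  {url}")
```

Run as a script it prints one verdict table per configuration. The permissive blocklist denies /bin/querybuilder.json but still exposes every endpoint it did not think to list; the misordered file allows /bin/querybuilder.json because the broad allow comes after the deny and therefore wins; only the deny-by-default configuration rejects both internal paths while still serving site content and client libraries.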

See Also

https://experienceleague.adobe.com/docs/experience-manager-65/developing/platform/query-builder/querybuilder-api.html

https://slcyber.io/assetnote-security-research-center/finding-critical-bugs-in-adobe-experience-manager/

Plugin Details

Severity: High

ID: 115061

Type: remote

Published: 12/4/2025

Updated: 12/4/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: High

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information