Adobe Experience Manager (AEM) QueryBuilder JCR Role Disclosure

medium Web App Scanning Plugin ID 115064

Language:

Synopsis

Adobe Experience Manager (AEM) QueryBuilder JCR Role Disclosure

Description

The remote Adobe Experience Manager (AEM) QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the JCR roles of the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servlet endpoint.

Solution

Restrict access to the endpoint using a .htaccess file, limiting access to known IP Addresses

Plugin Details

Severity: Medium

ID: 115064

Type: remote

Family: Web Applications

Published: 12/4/2025

Updated: 12/4/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information

CWE: 16

OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A5

WASC: Application Misconfiguration

OWASP API: 2019-API7, 2023-API8