Adobe Experience Manager exposed user passwords via querybuilder
Description
Adobe Experience Manager (AEM) is a comprehensive content management solution for building websites, mobile applications, and forms.
This vulnerability allows unauthorized users to access sensitive user credential information through the querybuilder endpoint. Specifically, the endpoint exposes password hashes stored in the AEM repository without proper access controls, enabling attackers to retrieve this sensitive data without authentication.
Remediation
Immediately apply the latest Adobe Experience Manager security hotfixes as documented in security bulletin APSB25-90. Follow these steps to remediate the vulnerability:

1. Review the official Adobe security bulletin (APSB25-90) to identify the appropriate hotfix version for your AEM installation
2. Schedule a maintenance window and create a complete backup of your AEM instance before applying patches
3. Download and install the security hotfix following Adobe's deployment guidelines for your specific AEM version
4. After patching, verify that the querybuilder endpoint properly enforces authentication and authorization controls
5. Audit system logs for any suspicious querybuilder API access prior to patching to identify potential compromise
6. Consider forcing password resets for privileged accounts if unauthorized access to the querybuilder endpoint is detected in logs
7. Implement network-level access controls to restrict querybuilder endpoint access to authorized IP addresses only

For immediate risk mitigation while preparing to patch, restrict access to the /bin/querybuilder endpoint through your web server or dispatcher configuration.
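The log audit in step 5 can be scripted. The following is an added example, written for this page and not part of the advisory or of Adobe's tooling: it scans web-server or dispatcher access logs in Common Log Format, keeps only requests whose path starts with /bin/querybuilder, and reports per source IP how many of those requests carried no authenticated remote user and how many were actually served with a 2xx status. The log lines below are constructed samples; the Common Log Format layout and the use of the `-` remote-user field as the "unauthenticated" signal are the assumptions.

```python
"""Audit access logs for requests to the AEM querybuilder endpoint.

Added example (not from the advisory or Adobe): scans Apache/dispatcher
access logs in Common Log Format and summarises querybuilder hits per
source IP, flagging unauthenticated requests that were actually served.
"""
import re
from collections import defaultdict

# Common Log Format: ip ident user [time] "METHOD path HTTP/x" status bytes
# (assumed log layout; adjust the pattern if your dispatcher uses a custom format)
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Endpoint named in the advisory; any selector/extension under it counts.
QUERYBUILDER_PREFIX = "/bin/querybuilder"


def parse_line(line):
    """Return a dict of fields for one CLF line, or None if it does not match."""
    m = CLF_RE.match(line.strip())
    return m.groupdict() if m else None


def is_querybuilder(path):
    """True if the request path targets the querybuilder servlet (query string ignored)."""
    return path.split("?", 1)[0].startswith(QUERYBUILDER_PREFIX)


def audit(lines):
    """Summarise querybuilder access per source IP.

    Returns {ip: {"total": n, "unauthenticated": n, "served": n}}.
    "unauthenticated" counts requests whose remote-user field is "-";
    "served" counts 2xx responses, i.e. requests that were answered rather
    than rejected, which is what matters when deciding on credential resets.
    """
    report = defaultdict(lambda: {"total": 0, "unauthenticated": 0, "served": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_querybuilder(rec["path"]):
            continue
        entry = report[rec["ip"]]
        entry["total"] += 1
        if rec["user"] == "-":
            entry["unauthenticated"] += 1
        if rec["status"].startswith("2"):
            entry["served"] += 1
    return dict(report)


# Constructed sample log lines (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2025:10:00:01 +0000] "GET /bin/querybuilder.json?path=/content HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Sep/2025:10:00:02 +0000] "GET /bin/querybuilder.feed?path=/content HTTP/1.1" 200 4096',
    '198.51.100.4 - admin [01/Sep/2025:10:05:00 +0000] "GET /bin/querybuilder.json?path=/content HTTP/1.1" 200 900',
    '192.0.2.9 - - [01/Sep/2025:10:06:00 +0000] "GET /content/site/en.html HTTP/1.1" 200 12000',
    '192.0.2.9 - - [01/Sep/2025:10:07:00 +0000] "GET /bin/querybuilder.json?path=/content HTTP/1.1" 403 220',
]


if __name__ == "__main__":
    for ip, counts in sorted(audit(SAMPLE_LOG).items()):
        flag = " <-- investigate" if counts["unauthenticated"] and counts["served"] else ""
        print(f"{ip}: {counts}{flag}")
```

Run it against the real log files (for example by replacing SAMPLE_LOG with the lines of a file) and treat any IP with both unauthenticated and served hits, especially before the hotfix was applied, as a trigger for the password resets described in step 6. A 403 on the querybuilder path after patching or after adding a dispatcher filter is the expected outcome of step 4.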