Adobe AEM Installed OSGI Bundles

By kannthu

Low
Vidoc Module
#misconfig #aem #adobe
Description

What is the "Adobe AEM Installed OSGI Bundles" module?

The "Adobe AEM Installed OSGI Bundles" module is designed to detect misconfigurations in Adobe Experience Manager (AEM) installations. AEM is a content management system that allows organizations to create, manage, and deliver digital experiences across various channels.

This module focuses on identifying misconfigured OSGi bundles within AEM, which can potentially lead to security vulnerabilities. The severity of this module is classified as low, indicating that the detected misconfigurations may not pose an immediate threat but should still be addressed to ensure the overall security of the AEM installation.

This module was authored by dhiyaneshDk.

Impact

If misconfigured OSGi bundles are detected, it could indicate potential security weaknesses in the AEM installation. Attackers may exploit these vulnerabilities to gain unauthorized access, manipulate content, or disrupt the functionality of the system.

How does the module work?

The "Adobe AEM Installed OSGI Bundles" module utilizes HTTP request templates and matching conditions to identify misconfigured OSGi bundles within AEM.

One example of an HTTP request used by this module is:

GET /bin.tidy.infinity.json

The module applies the following matching conditions:

- Matcher 1: Looks for the presence of specific words, such as "jcr:primaryType" and "jcr:uuid", indicating the presence of OSGi bundles.
- Matcher 2: Verifies that the HTTP response status is 200, indicating a successful request.

If both matching conditions are met, the module identifies the presence of misconfigured OSGi bundles within the AEM installation.
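
The matching logic described above, as an added example for triaging a captured response offline (it is not Vidoc's or the module author's code). The function names, triage labels and sample bodies are assumptions constructed for illustration, and the JSON parse step is an extra check beyond the module's two matchers.

```python
import json

# Word matchers as listed in the module preview (each ends with a colon).
WORDS = ('"jcr:primaryType":', '"jcr:uuid":')

def module_match(status, body):
    """The module's rule: every word present in the body AND status 200."""
    return status == 200 and all(w in body for w in WORDS)

def jcr_nodes(body):
    """Parse the body as JSON; map node path -> JCR property names found there."""
    try:
        root = json.loads(body)
    except ValueError:
        return {}
    found = {}
    def walk(node, path):
        if isinstance(node, dict):
            props = sorted(k for k in node if k.startswith("jcr:"))
            if props:
                found[path or "/"] = props
            for key, child in node.items():
                walk(child, f"{path}/{key}")
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, f"{path}[{i}]")
    walk(root, "")
    return found

def triage(status, body):
    """Hypothetical labels: 'no-match', 'needs-review' (words only), 'confirmed'."""
    if not module_match(status, body):
        return "no-match"
    keys = {p for props in jcr_nodes(body).values() for p in props}
    return "confirmed" if {"jcr:primaryType", "jcr:uuid"} <= keys else "needs-review"

# Constructed sample responses (not captured from any real system).
EXPOSED = json.dumps({"jcr:primaryType": "sling:Folder", "example": {
    "jcr:primaryType": "nt:unstructured",
    "jcr:uuid": "00000000-0000-0000-0000-000000000000"}}, indent=2)
SIGN_IN = "<html><title>AEM Sign In</title></html>"
ECHO = '<pre>keys: "jcr:primaryType": and "jcr:uuid":</pre>'

if __name__ == "__main__":
    for name, status, body in [("exposed", 200, EXPOSED), ("sign-in", 200, SIGN_IN),
                               ("echo", 200, ECHO), ("denied", 404, EXPOSED)]:
        print(name, triage(status, body), jcr_nodes(body))
```

A "needs-review" result marks a response that satisfies the module's substring matchers without being a JSON node dump, which is the false-positive case to rule out before filing the finding.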

For more information, you can refer to the reference provided.

Metadata: shodan-query: http.title:"AEM Sign In",http.component:"Adobe Experience Manager"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /bin.tidy.infinity.j...
Matching conditions
word: "jcr:primaryType":, "jcr:uuid": and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability