CVE-2024-43722

5.4 MEDIUM

📋 TL;DR

Adobe Experience Manager versions 6.5.21 and earlier contain a DOM-based Cross-Site Scripting vulnerability that allows attackers to execute arbitrary JavaScript in victims' browsers by manipulating URLs or user input. This requires user interaction where victims access malicious links. The vulnerability affects AEM instances with web interfaces accessible to users.

💻 Affected Systems

Products:
  • Adobe Experience Manager
Versions: 6.5.21 and earlier
Operating Systems: All platforms running AEM
Default Config Vulnerable: ⚠️ Yes
Notes: All AEM installations with web interfaces are affected. The vulnerability requires user interaction through crafted URLs or input fields.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker steals authenticated session cookies, performs actions as the victim user (including administrative actions if the victim has admin privileges), and potentially compromises the entire AEM instance.

🟠 Likely Case

Attacker steals user session cookies to gain unauthorized access to the AEM system, potentially accessing sensitive content or performing unauthorized content modifications.

🟢 If Mitigated

With proper input validation and output encoding, the attack would fail to execute malicious scripts, limiting impact to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (victim clicking malicious link) and knowledge of vulnerable DOM elements. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.5.22 or later

Vendor Advisory: https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html

Restart Required: Yes

Instructions:

1. Download Adobe Experience Manager 6.5.22 or later from Adobe's distribution portal.
2. Apply the service pack following Adobe's installation instructions.
3. Restart the AEM instance.
4. Verify the update was successful.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement a custom Java servlet filter that validates and sanitizes all user-controlled parameters (query string, form fields) before they are processed. Note that a server-side filter only sees the query string and request body; a payload carried in the URL fragment never reaches the server, so this workaround reduces but does not remove DOM-based XSS exposure.

Content Security Policy (applies to: all)

Implement a strict Content Security Policy header to restrict the sources from which scripts may execute, for example:

Content-Security-Policy: script-src 'self'

Roll this out in report-only mode first (Content-Security-Policy-Report-Only), since a policy without 'unsafe-inline' also blocks legitimate inline scripts that the AEM UI may depend on.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to detect and block XSS payloads in URLs and parameters
  • Educate users about phishing risks and implement URL filtering to block suspicious links

🔍 How to Verify

Check if Vulnerable:

Check AEM version via CRXDE Lite or system console. If version is 6.5.21 or earlier, the system is vulnerable.

Check Version:

curl -k https://<aem-host>:<port>/system/console/status-productinfo | grep 'Adobe Experience Manager'

Verify Fix Applied:

After patching, verify version is 6.5.22 or later and test vulnerable endpoints with XSS payloads to confirm they are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL parameters containing script tags or JavaScript code
  • Multiple failed login attempts from unexpected user sessions
  • Requests with encoded script payloads in query strings

Network Indicators:

  • HTTP requests containing <script> tags or javascript: URIs in parameters
  • Unusual redirect patterns to external domains

SIEM Query:

source="aem-access.log" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
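The SIEM query above does a plain string match; the following detector is an added example (not part of the advisory) that applies the same indicators to access-log lines after URL-decoding them, so that encoded and double-encoded payloads in the query string are caught too. The Common Log Format layout and the sample lines are constructed; adjust the request-line regex to your AEM access.log format.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a Common Log Format layout (assumed, not AEM's exact format).
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Nov/2024:10:01:22 +0000] "GET /content/site/en.html HTTP/1.1" 200 5120
10.0.0.9 - - [12/Nov/2024:10:02:03 +0000] "GET /content/site/en.html?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120
10.0.0.9 - - [12/Nov/2024:10:02:41 +0000] "GET /content/site/en.html?next=javascript:void(0) HTTP/1.1" 200 5120
10.0.0.7 - - [12/Nov/2024:10:03:10 +0000] "GET /content/site/en.html?img=x%2522%2520onerror%253Dalert(1) HTTP/1.1" 200 5120
10.0.0.3 - editor [12/Nov/2024:10:04:00 +0000] "GET /content/site/en.html?page=2&sort=onload HTTP/1.1" 200 5120
"""

# The same indicators as the SIEM query, as regexes tolerant of whitespace and case.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon(?:error|load)\s*=", re.I),
}
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are revealed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def query_string(target):
    """Return the query part of the request target. A payload placed in the URL
    fragment (#...) is never sent to the server, so only query-string variants are visible in logs."""
    _, sep, query = target.partition("?")
    return query if sep else ""


def scan_line(line):
    """Return a hit record for a suspicious request line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    decoded = fully_decode(query_string(m.group("target")))
    hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
    if not hits:
        return None
    return {"target": m.group("target"), "decoded_query": decoded, "indicators": hits}


def scan_log(text):
    """Scan every line of an access log and return the list of hit records."""
    return [hit for hit in (scan_line(ln) for ln in text.splitlines()) if hit]
```

Running `scan_log(SAMPLE_LOG)` flags the three payload-carrying lines and leaves the benign `sort=onload` request alone, because the indicator requires the `=` that an injected handler attribute needs.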
