AEM - Adobe Experience Manager UserInfo Servlet Scanner
If UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
Short Info
Level
Medium
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Parent Category
AEM - Adobe Experience Manager UserInfo Servlet Scanner Detail
AEM - Adobe Experience Manager is an enterprise-grade CMS. AEM is widely used by high-profile companies. AEM is big and complex. AEM also has 26 known CVEs. Misconfigured AEM applications can cause many critical vulnerabilities.
Try it yourself,
control security posture
control security posture