AEM - Adobe Experience Manager UserInfo Servlet Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


AEM - Adobe Experience Manager UserInfo Servlet Scanner Detail

If UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.

AEM - Adobe Experience Manager is an enterprise-grade CMS. AEM is widely used by high-profile companies. AEM is big and complex. AEM also has 26 known CVEs. Misconfigured AEM applications can cause many critical vulnerabilities.

Some Advice for Common Problems

Access restriction should be applied.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service