CVE-2020-24444

Name of the Vulnerable Software and Affected Versions AEM Forms SP6 add-on for AEM 6.5.6.0 AEM Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2)

Description The issue is a blind Server-Side Request Forgery (SSRF) vulnerability. This could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network. The vulnerability may allow a remote attacker to gain unauthorized access to protected information using the HTTP protocol.

Recommendations For AEM Forms SP6 add-on for AEM 6.5.6.0, update to a version that includes the fix for this issue. For AEM Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2), update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to internal systems to minimize the risk of exploitation.