Adobe Critical Security Hotfix for AEM 5.5.0-6.1

Adobe today released a Critical Hotfix for AEM to patch a flaw (CVE-2015-7501) classified as CVSS 10.0 (highest criticality in the Common Vulnerability Scoring System). You can find information about the Hotfix by logging into your Adobe PackageShare, or by visiting https://www.adobeaemcloud.com/content/marketplace/marketplaceProxy.html?packagePath=/content/companies/public/adobe/packages/cq/hotfix/cq-ALL-hotfix-NPR-8364. Also, here is a blog post that explains the java deserialization vulnerability in more detail.

We join with Adobe in recommending that this Hotfix be applied as soon as possible to all AEM servers 5.5.0-6.1.

If you need any background on the issue, or help figuring out how to apply this to your environments, please don’t hesitate to contact us: @axis41 or info@aempodcast.com.