U.S. Dept Of Defense: AEM misconfiguration leads to Information disclosure

Sensitive information was disclosed due to a misconfiguration in AEM, allowing access to internal usernames and webroot directories by appending /.1.json to certain URLs. This could lead to unauthorized access, social engineering attacks, and reputation damage...