Website vulnerabilities opportunity

Last update: Wed Mar 26 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

The website vulnerabilities opportunity identifies security vulnerabilities in the 3rd party libraries used by your application code. These vulnerabilities could be exploited by a malicious attacker, increasing the risk and decreasing the security posture of your website.

The website vulnerabilities opportunity displays a summary at the top of the page, including the following:

Found issues – The number of vulnerabilities found, categorized by the security risk they represent (low, medium, high).
Aggregated security risk – The overall security risk to your website based on the vulnerabilities found by the opportunity.

Auto-identify

Auto-identify website vulnerabilities

The Website Vulnerabilities Opportunity feature automatically identifies and lists vulnerabilities found in third-party libraries used by your application code. It provides the following details:

Library – The third-party library containing the vulnerability. A single library may have multiple vulnerabilities.
Current Version – The version of the library currently in use.
Recommended Version – The suggested version that resolves the vulnerability.
Score – The severity rating of the vulnerability, also summarized at the top of the page.
Vulnerability – The vulnerability identifier, a brief description, and a link to the National Vulnerability Database (NVD) for more details. Access the NVD link by clicking the identifier or the link next to the description.

Auto-suggest

Auto-suggest website vulnerabilities

Auto-suggest provides AI-generated suggestions for the Recommended version of vulnerable library you should upgrade to. Each entry has a Score indicating its overall severity, helping prioritize the most critical vulnerabilities.

Vulnerability details

Each vulnerability contains a link to the detailed information in the National Vulnerability Database (NVD). Clicking on the vulnerability identifier or the link item to the right of the description will take you to the NVD page for that vulnerability.

Ignore entries

You can choose to ignore entries from the vulnerability list. Selecting the ignore icon removes the entry from the list. Ignored entries can be re-engaged from the Ignored tab at the top of the opportunity page.

Auto-optimize

Ultimate

Auto-optimize website vulnerabilities

Sites Optimizer Ultimate adds the ability to deploy auto-optimization for the vulnerabilities found.

Deploy optimization

Our team is here to help! For support with technical optimizations, join our Slack channel and connect directly with our experts.

Request approval

If you are not able to deploy the optimization, you can request approval from your AEM Site’s administrator. Selecting Request approval will send an email to the AEM Site’s administrator with the details of the optimization. The administrator can then approve or reject the optimization.

recommendation-more-help