Bulletin ID
Last updated on
Security updates available for Adobe Experience Manager | APSB19-38
|
|
Date Published |
Priority |
|---|---|---|
|
APSB19-38 |
July 09, 2019 |
2 |
Summary
Adobe has released security updates for Adobe Experience Manager. These updates resolve one reflected cross-site scripting vulnerability rated Moderate, one stored cross-site scripting vulnerability rated Important and one cross-site request forgery vulnerability rated Important that could result in sensitive information disclosure.
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Experience Manager |
6.4 6.3 6.2 6.1 6.0 |
All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
Adobe Experience Manager |
6.5 |
All |
2 |
|
6.4 |
All |
2 |
||
6.3 |
All |
2 |
Please contact Adobe customer care for assistance with earlier AEM versions.
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
Affected Version |
Download Package |
|---|---|---|---|---|---|
|
Cross-Site Request Forgery |
Sensitive Information disclosure
|
Important
|
CVE-2019-7953 |
AEM 6.0 AEM 6.1 AEM 6.2 AEM 6.3 AEM 6.4 |
|
|
Stored Cross-site Scripting |
Sensitive Information disclosure |
Important |
CVE-2019-7954 |
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
|
|
Reflected Cross-site Scripting |
Sensitive Information disclosure |
Moderate
|
CVE-2019-7955 |
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5
|
Note:
Note: the packages listed in the table above are the minimum fix packs to address the relevant vulnerability. For the latest versions, please see the release notes links referenced above.
Note: If you are running the AEM version earlier than AEM 6.3 and need assistance, please contact Adobe Customer Care.
Acknowledgments
Adobe would like to thank Lorenzo Pirondini from Netcentric, a Cognizant Digital Business for reporting (CVE-2019-7955) and for working with Adobe to help protect our customers.
Sign in to your account