Adobe Security Bulletin

Search

Security updates available for Adobe Experience Manager | APSB18-04

Bulletin ID

Date Published

Priority

APSB18-04

February 13, 2018

3

Summary

Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875) rated moderate, and a cross-site scripting vulnerability (CVE-2018-4876) in Apache Sling XSS protection API rated important

Affected product versions

Product

Version

Platform

Adobe Experience Manager

6.3

6.2

6.1

6.0

All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product Version Platform Priority Availability
Adobe Experience Manager
 6.3
 All 3 Release note
6.2 All 3 Release note
6.1 All 3 Release note
6.0 All 3 Release note

Please contact Adobe customer care for assistance with earlier AEM versions.

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Numbers

Affected Version

Download Package

Reflected cross-site scripting

Sensitive Information disclosure

Moderate

CVE-2018-4875

AEM 6.0, AEM 6.1

HOTFIX 19729 for AEM 6.0.0

HOTFIX 9381 for AEM 6.1.0  

Cross-site scripting

Sensitive Information Disclosure

Important

CVE-2018-4876

AEM 6.1, AEM 6.2,AEM 6.3

Cumulative Fix Pack for 6.1 SP2 - AEM-6.1-SP2-CFP14

Cumulative Fix Pack for 6.2SP1 - AEM-6.2-SP1-CFP11

HOTFIX
21290 for AEM 6.3.0
Note:

The packages listed in the table above are the minimum fix packs to address the listed vulnerability.  For the latest versions, please see the release notes links referenced above.

Get help faster and easier

New user?

Quick links

View all your plans Manage your plans
View quick links
Hide quick links