Adobe Security Bulletin

Security updates available for Adobe Experience Manager Forms

Release date: May 9, 2017

Vulnerability identifier: APSB17-16

Priority: 2

CVE number: CVE-2017-3067

Platform: Windows, Linux, Solaris and AIX

Summary

Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve an important  information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form. Adobe recommends users apply the available updates using the instructions provided in the "Solution" section below. 

Affected versions

Product

Affected version

Platform

Adobe Experience Manager Forms

6.2
6.1
6.0

Windows, Linux, Solaris and AIX

Solution

Adobe categorizes these updates with the following priority rating, and recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team.

Product

Fixed version

Platform

Priority rating

Availability

Adobe Experience Manager Forms 6.2

6.2 SP1 CFP3

Windows, Linux, Solaris and AIX

2

Adobe Experience Manager Forms 6.1

6.1 SP2 CFP8

Windows, Linux, Solaris and AIX

2

Adobe Experience Manager Forms 6.0

HotFix 2.0.58

Windows, Linux, Solaris and AIX

2

Vulnerability Details

  • These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form. 

Acknowledgments

Adobe would like to thank Ruben Reusser of headwire.com for reporting (CVE-2017-3067) and for working with Adobe to help protect our customers.

Adobe logo

Logige oma kontole sisse