Adobe Security Bulletin
Security updates available for Adobe Experience Manager Forms | APSB19-24
Bulletin ID Date Published  Priority
APSB19-24 April 09, 2019 2


Adobe has released security updates for Adobe Experience Manager Forms. These updates resolve a stored cross-site scripting vulnerability rated Important that could result in sensitive information disclosure.

Affected product versions

Product Affected version Platform
Adobe Experience Manager Forms




Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version:

Product Version Platform Priority Availability
Adobe Experience Manager Forms 6.4 All 2 Releases and Updates
6.3 All 2 Releases and Updates
6.2 All 2 Releases and Updates

Please contact Adobe customer care for assistance with earlier AEM Forms versions.

Vulnerability Details

Vulnerability Category Vulnerability Impact  Severity CVE Number  Affected Versions Download Package 
Stored Cross-site Scripting Sensitive Information disclosure  Important   CVE-2019-7129 

AEM 6.2

AEM 6.3 

AEM 6.4

Cumulative Fix Pack for AEM 6.2 SP1-CFP15

Cumulative Fix Pack for 6.3 - AEM-

Service Pack for 6.4 - AEM-

Note: The packages listed in the table above are the minimum fix packs to address the relevant vulnerability.  For the latest versions, please see the release notes links referenced above.


Adobe would like to thank Ryne Hanson (@hansonet) for reporting (CVE-2019-7129) and for working with Adobe to help protect our customers.