Security Bulletin for Adobe Campaign | APSB19-28
Bulletin ID Date Published Priority
APSB19-28 June 11, 2019 3

Summary

Adobe has released a security update for Adobe Campaign Classic. This update addresses a critical vulnerability that could result in arbitrary code execution. 

Affected versions

Product Affected version Platform
Adobe Campaign Classic
19.1.1-9026 (and earlier versions) Windows and Linux

Solution

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
Adobe Campaign 19.1.1-9026 Windows and Linux 3 Release Notes

Vulnerability Details

 Vulnerability Category  Vulnerability Impact   Severity  CVE Number 
Insufficient input validation  Information Disclosure Important CVE-2019-7843
Information Exposure Through an Error Message Information Disclosure Moderate CVE-2019-7941
Improper error handling Information Disclosure Moderate CVE-2019-7846
Improper Restriction of XML External Entity Reference ('XXE') Arbitrary read access to the file system Important CVE-2019-7847
Inadequate access control Information Disclosure Moderate CVE-2019-7848
Sensitive data in source code Information Disclosure Important CVE-2019-7849
Command injection Arbitrary Code Execution Critical CVE-2019-7850

Acknowledgments

Adobe would like to thank Olivier Guerra of Aon's Cyber Solutions for reporting this issue (CVE-2019-7843) and for working with Adobe to help protect our customers.