Release date: August 9, 2016
Vulnerability identifier: APSB16-27
Priority: 2
CVE number: CVE-2016-4168, CVE-2016-4169, CVE-2016-4170, CVE-2016-4253
Platform: Windows, Unix, Linux and OS X
Adobe has released security hotfixes for Adobe Experience Manager. These hotfixes resolve two important input validation issues that could be used in cross-site scripting attacks (CVE-2016-4168 and CVE-2016-4170), an important vulnerability in backup functionality that could lead to information disclosure (CVE-2016-4253), and an important vulnerability that could disclose audit log events to unprivileged users (CVE-2016-4169).
Product | Affected Versions | Platform |
---|---|---|
Adobe Experience Manager | 6.2 | Windows, Unix, Linux and OS X |
Adobe Experience Manager | 6.1 | Windows, Unix, Linux and OS X |
Adobe Experience Manager | 6.0 | Windows, Unix, Linux and OS X |
Adobe Experience Manager | 5.6.1 | Windows, Unix, Linux and OS X |
Please visit the Adobe Experience Manager Help Page for more information on available hotfixes.
Description | CVE | Affected Versions | Download Package |
---|---|---|---|
Hotfixes resolve an input validation issue that could be used in cross-site scripting attacks. | CVE-2016-4168 | 6.1 and earlier versions | Hotfix 9639 for 6.1; Hotfix 10767 for 6.0; Hotfix 10764 for 5.6.1 |
Hotfixes resolve a vulnerability that could potentially disclose audit log events to unprivileged users. | CVE-2016-4169 | 6.2, 6.1 and 6.0 | Hotfix 10956 for 6.2; Hotfix 10768 for 6.1; Hotfix 10767 for 6.0 |
Hotfixes resolve an input validation issue that could be used in cross-site scripting attacks. | CVE-2016-4170 | 6.2 and earlier versions | Hotfix 10936 for 6.2; Hotfix 10936 for 6.1; Hotfix 10936 for 6.0; Hotfix 10936 for 5.6.1 |
Hotfixes resolve a vulnerability in Backup functionality that could lead to information disclosure. | CVE-2016-4253 | 6.2 and earlier versions | Hotfix 10870 for 6.2; Hotfix 10870 for 6.1; Hotfix 10870 for 6.0; Hotfix 10870 for 5.6.1 |
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Adam Willard of Raytheon Foreground Security (CVE-2016-4168)
- Ninad Sarang (@hbkninad) (CVE-2016-4169)
- Franz Saller (CVE-2016-4170)
- Kyle Lovett (CVE-2016-4253)