Bulletin ID
Security updates available for Adobe Experience Manager | APSB17-26
|
Date Published |
Priority |
---|---|---|
APSB17-26 |
August 08, 2017 |
2 |
Summary
Affected product versions
Product |
Version |
Platform |
---|---|---|
Adobe Experience Manager |
6.3 6.2 6.1 6.0 |
All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Version | Platform | Priority | Availability |
---|---|---|---|---|
Adobe Experience Manager |
6.3 |
All | 2 | Release note |
6.2 | All | 2 | Release note |
|
6.1 | All | 2 | Release note |
|
6.0 | All | 2 | Release note |
Please contact Adobe customer care for assistance with earlier AEM versions.
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
Affected Version |
Download Package |
---|---|---|---|---|---|
Disclosure of product version number |
Information disclosure |
Moderate |
CVE-2017-3107 |
AEM 6.3 and earlier |
|
Insufficient file type validation during file upload |
Arbitrary code execution attacks |
Important |
CVE-2017-3108 |
AEM 6.2 and earlier |
|
Internal Information Disclosure in Output |
Information disclosure |
Moderate |
CVE-2017-3110 |
AEM 6.1 and earlier |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Anonymously reported (CVE-2017-3107, CVE-2017-3108, CVE-2017-3110)
Revisions
August 9, 2017: The summary section incorrectly classified CVE-2017-3108 as Moderate. CVE-2017-3108 is rated Important, as noted in the Vulnerability Details table, and the summary section has been corrected.