Adobe Security Bulletin

Security updates available for Adobe Experience Manager | APSB18-04

Bulletin ID

Date Published

Priority

APSB18-04

February 13, 2018

3

Summary

Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875) rated moderate, and a cross-site scripting vulnerability (CVE-2018-4876) in Apache Sling XSS protection API rated important

Affected product versions

Product

Version

Platform

Adobe Experience Manager

6.3

6.2

6.1

6.0

All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product Version Platform Priority Availability
Adobe Experience Manager
6.3
All 3 Release note
6.2 All 3 Release note
6.1 All 3 Release note
6.0 All 3 Release note

Please contact Adobe customer care for assistance with earlier AEM versions.

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Numbers

Affected Version

Download Package

Reflected cross-site scripting

Sensitive Information disclosure

Moderate

CVE-2018-4875

AEM 6.0, AEM 6.1

Cross-site scripting

Sensitive Information Disclosure

Important

CVE-2018-4876

AEM 6.1, AEM 6.2,AEM 6.3

Note:

The packages listed in the table above are the minimum fix packs to address the listed vulnerability.  For the latest versions, please see the release notes links referenced above.

Adobe logo

Sign in to your account

[Feedback V2 Badge]