Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
Adobe Experience Manager |
6.4 |
All |
2 |
|
6.3 |
All |
2 |
||
6.2 |
All |
2 |
||
6.1 |
All |
2 |
||
6.0 |
All |
2 |
Please contact Adobe customer care for assistance with earlier AEM versions.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers | Affected Version | Download Package |
Stored Cross-site Scripting
|
Sensitive Information disclosure
|
Important
|
CVE-2018-15969
|
AEM 6.3
AEM 6.4
|
Service Pack for 6.3 - AEM-6.3.3.0
Service Pack for 6.4 - AEM-6.4.2.0
|
Reflected Cross-site Scripting
|
Sensitive Information disclosure
|
Moderate
|
CVE-2018-15970
|
AEM 6.4
|
Service Pack for 6.4 - AEM-6.4.2.0
|
Reflected Cross-site Scripting
|
Sensitive Information disclosure
|
Moderate
|
CVE-2018-15971
|
AEM 6.4
|
Service Pack for 6.4 - AEM-6.4.2.0
|
Stored Cross-site Scripting
|
Sensitive Information disclosure
|
Important
|
CVE-2018-15972
|
AEM 6.1 to AEM 6.4
|
Cumulative Fix Pack for 6.1 SP2 – AEM-6.1-SP2-CFP17
Cumulative Fix Pack for 6.2 SP1 – AEM-6.2-SP1-CFP15
Cumulative Fix Pack for 6.3 SP2 – AEM-6.3.2.2
Service Pack for 6.4 - AEM-6.4.2.0
|
Stored Cross-site Scripting
|
Sensitive Information disclosure
|
Important
|
CVE-2018-15973
|
AEM 6.0 to AEM 6.4
|
Cumulative Fix Pack for 6.1 SP2 – AEM-6.1-SP2-CFP17
Cumulative Fix Pack for 6.2 SP1 – AEM-6.2-SP1-CFP16
Service Pack for 6.3 - AEM-6.3.3.0
Service Pack for 6.4 - AEM-6.4.2.0
|
Note:
The packages listed in the table above are the minimum fix packs to address the listed vulnerability. For the latest versions, please see the release notes links referenced above.