Release date: December 13, 2016
Last updated: December 14, 2016
Vulnerability identifier: APSB16-42
Priority: 2
CVE number: CVE-2016-7882, CVE-2016-7883, CVE-2016-7884, CVE-2016-7885
Platform: All
Adobe has released security updates for Adobe Experience Manager. These updates resolve three important input validation issues that could be used in cross-site scripting attacks (CVE-2016-7882, CVE-2016-7883 and CVE-2016-7884), and include an update to protect users from an important Cross-Site Request Forgery vulnerability (CVE-2016-7885).

Product | Versions | Priority rating | Availability |
---|---|---|---|
Adobe Experience Manager | 6.2 | 2 | Release note |
Adobe Experience Manager | 6.1 | 2 | Release note |
Adobe Experience Manager | 6.0 | 2 | Release note |

Please contact Adobe customer care for assistance with earlier AEM versions.

Description | CVE | Affected Versions | Download Package |
---|---|---|---|
Updates resolve an important input validation issue in WCMDebug filter that could be used in cross-site scripting attacks. | CVE-2016-7882 | 6.2 and earlier versions | Hotfix 12444 for 6.2; Hotfix 12444 for 6.1 SP2 [0]; Hotfix 12444 for 6.0 SP3 |
Updates resolve an important input validation issue in create launch Wizard that could be used in cross-site scripting attacks. | CVE-2016-7883 | 6.2 | Hotfix 13062 for 6.2 |
Updates resolve an important input validation issue in DAM create assets that could be used in cross-site scripting attacks. | CVE-2016-7884 | 6.1 and earlier versions | Cumulative Fix pack for 6.1 SP2; Hotfix 13297 for 6.0 SP3 |
Updates in the Jackrabbit component to protect users from Cross-Site Request Forgery. | CVE-2016-7885 | 6.2 and earlier versions | Hotfix 13547 for 6.2; Hotfix 12817 for 6.1; Hotfix 12846 for 6.0 |