Adobe Security Bulletin

Last updated on 27 Dec 2022

Security updates available for Adobe Experience Manager Forms

Release date: December 13, 2016

Vulnerability identifier: APSB16-40

Priority: 3

CVE number: CVE-2016-6933, CVE-2016-6934

Platform: Windows, Linux, Solaris and AIX

Summary

Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks (CVE-2016-6933 and CVE-2016-6934). Adobe recommends users apply the available updates using the instructions provided in the "Solution" section below.

Note: In 2015, AEM Forms became the successor to Adobe LiveCycle.

Affected versions

Product	Affected version	Platform
Adobe Experience Manager Forms	6.2 6.1 6.0	Windows, Linux, Solaris and AIX
LiveCycle	11.0.1 10.0.4	Windows, Linux, Solaris and AIX

Solution

Adobe categorizes these updates with the following priority rating, and recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team.

Product	Fixed version	Platform	Priority rating
Adobe Experience Manager Forms 6.2	AEMForms-6.2.0-0002	Windows, Linux, Solaris and AIX	3
Adobe Experience Manager Forms 6.1	6.1.0-COR-1064-012 6.1.0-PRM-1065-020	Windows, Linux, Solaris and AIX	3
Adobe Experience Manager Forms 6.0	6.0.0-COR-1042-015 6.0.0-PRM-1043-020	Windows, Linux, Solaris and AIX	3
LiveCycle 11.0.1	11.0.1-COR-1155-044 11.0.1-PRM-1161-017	Windows, Linux, Solaris and AIX	3
LiveCycle 10.0.4	10.0.4-COR-1064-025 10.0.4-PRM-1065-007	Windows, Linux, Solaris and AIX	3

Vulnerability Details

Description	CVE	Fixed version
Updates resolve an input validation issue in the AACComponent that could be used in cross-site scripting attacks.	CVE-2016-6933	AEMForms-6.2.0-0002 6.1.0-COR-1064-012 6.0.0-COR-1042-015 11.0.1-COR-1155-044 10.0.4-COR-1064-025
Updates resolve an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.	CVE-2016-6934	AEMForms-6.2.0-0002 6.1.0-PRM-1065-020 6.0.0-PRM-1043-020 11.0.1-PRM-1161-017 10.0.4-PRM-1065-007

Acknowledgments

Adobe would like to thank Adam Willard of Blue Canopy for reporting these issues (CVE-2016-6933 and CVE-2016-6934) and for working with Adobe to help protect our customers.

Get help faster and easier

New user?