Bulletin ID
Security updates available for Adobe Experience Manager | APSB20-08
|  | Date Published | Priority | 
|---|---|---|
| APSB20-08 | February 11, 2020 | 2 | 
Summary
Adobe has released security hotfixes for Adobe Experience Manager (AEM). These hotfixes resolve a vulnerability in AEM versions 6.5 and 6.4 rated Important. Successful exploitation could result in a denial-of-service condition.
Affected product versions
| Product | Version | Platform | 
|---|---|---|
| Adobe Experience Manager | 6.5 6.4 | All | 
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability | 
|---|---|---|---|---|
| 
 Adobe Experience Manager | 6.5 | All | 2 | AEM-6.5.4.0 (Package Share) AEM-6.5.4.0 (Software Distribution) cq-6.5.0-hotfix-31870 (Package Share) 6.5.0-hotfix-31870-1.2 (Software Distribution) | 
| 6.4 | All | 2 | AEM-6.4.8.0 (Package Share) AEM-6.4.8.0 (Software Distribution) cq-6.4.0-hotfix-31868 (Package Share) 6.4.0-hotfix-31868-1.2 (Software Distribution) | 
The 6.5 hotfix should be installed on AEM 6.5.3.0
The 6.4 hotfix should be installed on AEM 6.4.7.0
See here for more information on the new Software Distribution interface.
Vulnerability details
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number  | Affected Versions | 
|---|---|---|---|---|
| Uncontrolled Resource Consumption | Denial-of-service | Important | CVE-2020-3741 | AEM 6.4 AEM 6.5 | 
AEM versions 6.3 and below are not impacted by this issue.