Adobe Security Bulletin

Security updates available for Adobe Experience Manager Forms

Release date: December 13, 2016

Vulnerability identifier: APSB16-40

Priority: 3

CVE number: CVE-2016-6933, CVE-2016-6934

Platform: Windows, Linux, Solaris and AIX

Summary

Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks (CVE-2016-6933 and CVE-2016-6934). Adobe recommends users apply the available updates using the instructions provided in the "Solution" section below. 

Note: In 2015, AEM Forms became the successor to Adobe LiveCycle.  

Affected versions

Product

Affected version

Platform

Adobe Experience Manager Forms

6.2
6.1
6.0

Windows, Linux, Solaris and AIX

LiveCycle

11.0.1
10.0.4

Windows, Linux, Solaris and AIX

Solution

Adobe categorizes these updates with the following priority rating, and recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team.

Product

Fixed version

Platform

Priority rating

Adobe Experience Manager Forms 6.2

Windows, Linux, Solaris and AIX

3

Adobe Experience Manager Forms 6.1

Windows, Linux, Solaris and AIX

3

Adobe Experience Manager Forms 6.0

Windows, Linux, Solaris and AIX

3

LiveCycle 11.0.1

Windows, Linux, Solaris and AIX

3

LiveCycle 10.0.4

Windows, Linux, Solaris and AIX

3

Vulnerability Details

Description

CVE

Fixed version

Updates resolve an input validation issue in the AACComponent that could be used in cross-site scripting attacks.

CVE-2016-6933 

Updates resolve an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.

CVE-2016-6934

Acknowledgments

Adobe would like to thank Adam Willard of Blue Canopy for reporting these issues (CVE-2016-6933 and CVE-2016-6934) and for working with Adobe to help protect our customers.

Adobe, Inc.

احصل على مساعدة بشكل أسرع وأسهل

مستخدم جديد؟