Security Bulletin for Adobe Campaign | APSB19-28
Bulletin ID Date Published Priority
APSB19-28 June 11, 2019 3

Summary

Adobe has released a security update for Adobe Campaign Classic. This update addresses vulnerabilities rated Critical, Important and Moderate that could result in arbitrary code execution. 

Affected versions

Product Affected version Platform
Adobe Campaign Classic
18.10.5-8984 (and earlier versions) Windows and Linux

Solution

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
Adobe Campaign 19.1.4-9031 Windows and Linux 3 Release Notes

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVE Number
Insufficient input validation Information Disclosure Important CVE-2019-7843
Improper error handling Information Disclosure Moderate CVE-2019-7846
Inadequate access control Information Disclosure Moderate CVE-2019-7848
Command injection Arbitrary Code Execution Critical CVE-2019-7850

Acknowledgments

Adobe would like to thank Olivier Guerra of Aon's Cyber Solutions for reporting this issue (CVE-2019-7843) and for working with Adobe to help protect our customers.

Revisions

June 14, 2019: Removed reference to CVE-2019-7849.  This CVE was erroneously included in the original bulletin content.  

July 31, 2019: Changed updated version from 19.1.1-9026 to 19.1.4-9031 due to regression in the former.

August 15, 2019: Updated Severity of CVE-2019-7850 to Critical.

August 19, 2019: Removed references to CVE-2019-7941 & CVE-2019-7847. These CVEs were erroneously included in the original bulletin content. 

May 14, 2020: Modified the summary to reflect the critical, important and moderate severity vulnerabilities referenced in this bulletin.