Security Bulletin for Adobe Campaign | APSB19-28
Bulletin ID Date Published Priority
APSB19-28 June 11, 2019 3

Summary

Adobe has released a security update for Adobe Campaign Classic. This update addresses a moderate vulnerability that could result in arbitrary code execution. 

Affected versions

Product Affected version Platform
Adobe Campaign Classic
18.10.5-8984 (and earlier versions) Windows and Linux

Solution

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
Adobe Campaign 19.1.4-9031 Windows and Linux 3 Release Notes

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVE Number
Insufficient input validation Information Disclosure Important CVE-2019-7843
Improper error handling Information Disclosure Moderate CVE-2019-7846
Inadequate access control Information Disclosure Moderate CVE-2019-7848
Command injection Arbitrary Code Execution Critical CVE-2019-7850

Acknowledgments

Adobe would like to thank Olivier Guerra of Aon's Cyber Solutions for reporting this issue (CVE-2019-7843) and for working with Adobe to help protect our customers.

Revisions

June 14, 2019: Removed reference to CVE-2019-7849.  This CVE was erroneously included in the original bulletin content.  

July 31, 2019: Changed updated version from 19.1.1-9026 to 19.1.4-9031 due to regression in the former.

August 15, 2019: Updated Severity of CVE-2019-7850 to Critical.

August 19, 2019: Removed references to CVE-2019-7941 & CVE-2019-7847. These CVEs were erroneously included in the original bulletin content.