Security updates available for Adobe Experience Manager | APSB20-08
Bulletin ID Date Published Priority
APSB20-08 February 11, 2020 2

Summary

Adobe has released security hotfixes for Adobe Experience Manager (AEM). These hotfixes resolve a vulnerability in AEM versions 6.5 and 6.4 rated Important.  Successful exploitation could result in a denial-of-service condition.  

Affected product versions

Product Version Platform
Adobe Experience Manager

6.5

6.4

All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability

 

Adobe Experience Manager

6.5

All

2

AEM-6.5.4.0 (Package Share)

AEM-6.5.4.0 (Software Distribution)

cq-6.5.0-hotfix-31870 (Package Share)

6.5.0-hotfix-31870-1.2 (Software Distribution)

6.4

All

2

AEM-6.4.8.0 (Package Share)

AEM-6.4.8.0 (Software Distribution)

cq-6.4.0-hotfix-31868 (Package Share)

6.4.0-hotfix-31868-1.2 (Software Distribution)

Note:

The 6.5 hotfix should be installed on AEM 6.5.3.0

The 6.4 hotfix should be installed on AEM 6.4.7.0

Note:

See here for more information on the new Software Distribution interface.

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number 

Affected Versions
Uncontrolled Resource Consumption Denial-of-service Important CVE-2020-3741

AEM 6.4

AEM 6.5

Note:

AEM versions 6.3 and below are not impacted by this issue.