某些 Creative Cloud 应用程序、服务和功能在中国不可用。
Adobe has released security updates for Adobe Experience Manager. These updates resolve one reflected cross-site scripting vulnerability rated Moderate, one stored cross-site scripting vulnerability rated Important and one cross-site request forgery vulnerability rated Important that could result in sensitive information disclosure.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
Adobe Experience Manager |
6.5 |
All |
2 |
|
6.4 |
All |
2 |
||
6.3 |
All |
2 |
Please contact Adobe customer care for assistance with earlier AEM versions.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers | Affected Version | Download Package |
Cross-Site Request Forgery |
Sensitive Information disclosure
|
Important
|
CVE-2019-7953 |
AEM 6.0 AEM 6.1 AEM 6.2 AEM 6.3 AEM 6.4 |
|
Stored Cross-site Scripting |
Sensitive Information disclosure |
Important |
CVE-2019-7954 |
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
Cumulative Fix Pack for 6.3 SP3 - AEM-6.3.3.5 |
Reflected Cross-site Scripting |
Sensitive Information disclosure |
Moderate
|
CVE-2019-7955 |
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5
|
Cumulative Fix Pack for 6.3 SP3 - AEM-6.3.3.5 |
Opomba:
Note: the packages listed in the table above are the minimum fix packs to address the relevant vulnerability. For the latest versions, please see the release notes links referenced above.
Note: If you are running the AEM version earlier than AEM 6.3 and need assistance, please contact Adobe Customer Care.