Product
Security hotfixes available for Adobe Experience Manager
Release date: August 9, 2016
Vulnerability identifier: APSB16-27
Priority: 2
CVE number: CVE-2016-4168, CVE-2016-4169, CVE-2016-4170, CVE-2016-4253
Platform: Windows, Unix, Linux and OS X
Summary
Adobe has released security hotfixes for Adobe Experience Manager. These hotfixes resolve two important input validation issues that could be used in cross-site scripting attacks (CVE-2016-4168 and CVE-2016-4170), an important vulnerability in backup functionality that could lead to information disclosure (CVE-2016-4253), and an important vulnerability that could disclose audit log events to unprivileged users (CVE-2016-4169).
Affected Versions
| Product | Affected Versions | Platform |
|---|---|---|
| Adobe Experience Manager | 6.2 | Windows, Unix, Linux and OS X |
| Adobe Experience Manager | 6.1 | Windows, Unix, Linux and OS X |
| Adobe Experience Manager | 6.0 | Windows, Unix, Linux and OS X |
| Adobe Experience Manager | 5.6.1 | Windows, Unix, Linux and OS X |
Solution
Please visit the Adobe Experience Manager Help Page for more information on available hotfixes.
Vulnerability Details
| Description | CVE | Affected Versions | Download Package |
|---|---|---|---|
| Hotfixes resolve an input validation issue that could be used in cross-site scripting attacks. | CVE-2016-4168 | 6.1 and earlier versions | |
| Hotfixes resolve a vulnerability that could potentially disclose audit log events to unprivileged users. | CVE-2016-4169 | 6.2, 6.1 and 6.0 | |
| Hotfixes resolve an input validation issue that could be used in cross-site scripting attacks. | CVE-2016-4170 | 6.2 and earlier versions | |
| Hotfixes resolve a vulnerability in Backup functionality that could lead to information disclosure. | CVE-2016-4253 | 6.2 and earlier versions | |
Acknowledgments
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Adam Willard of Raytheon Foreground Security (CVE-2016-4168)
- Ninad Sarang (@hbkninad) (CVE-2016-4169)
- Franz Saller (CVE-2016-4170)
- Kyle Lovett (CVE-2016-4253)