安全性公告 ID
上次更新時間
2026年4月27日
Adobe Experience Manager (AEM) Screens 的安全性更新已推出 | APSB26-34
|
|
發布日期 |
優先順序 |
|---|---|---|
|
APSB26-34 |
2026 年 4 月 14 日 |
3 |
摘要
Adobe 已發佈 Adobe Experience Manager (AEM) Screens 的更新。此更新可解決評為重要弱點。成功利用此漏洞可能導致任意程式碼執行和權限提升。
Adobe 目前尚未發現這些更新程式解決的漏洞遭人利用之情事。
受影響的產品版本
| 產品 | 版本 | 平台 |
|---|---|---|
| Adobe Experience Manager (AEM) Screens |
6.5 Service Pack 24 或更早版本 | 全部 |
| Feature Pack 11.7 或更早版本 |
解決方法
Adobe 依照下列優先順序分級將這些更新分類,並建議使用者將其安裝更新至最新版本:
產品 |
版本 |
平台 |
優先順序 |
可用性 |
|---|---|---|---|---|
| Adobe Experience Manager (AEM) Screens |
Feature Pack 11.8 | 全部 | 3 |
漏洞詳細資料
| Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVSS vector |
CVE Number |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2026-27288 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Privilege escalation | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2026-34623 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2026-34624 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2026-34625 |
註解:
If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- green-jam: CVE-2026-27288, CVE-2026-34623, CVE-2026-34624, CVE-2026-34625
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
Revisions
December 18, 2025: Added CVE-2025-64538
December 10, 2025: Removed CVE-2025-64540
December 24, 2025: Added note - "AEM 6.5 and LTS versions are not impacted by the following CVEs: CVE-2025-64537, CVE-2025-64538, CVE-2025-64539."
如需詳細資訊,請造訪 https://helpx.adobe.com/tw/security.html,或傳送電子郵件至 PSIRT@adobe.com。
