Product
Security updates available for Adobe Experience Manager
Release date: February 9, 2016
Last updated: February 12, 2016
Vulnerability identifier: APSB16-05
Priority: 2
CVE number: CVE-2016-0955, CVE-2016-0956, CVE-2016-0957, CVE-2016-0958
Platform: Windows, Unix, Linux and OS X
Summary
Adobe has released security hot fixes for Adobe Experience Manager. These hot fixes resolve important vulnerabilities that could potentially lead to information disclosure.
Affected Versions
|
Affected Versions |
Platform |
|
6.1.0 |
Windows, Unix, Linux and OS X |
Adobe Experience Manager |
6.0.0 |
Windows, Unix, Linux and OS X |
|
5.6.1 |
Windows, Unix, Linux and OS X |
Solution
Please visit the Adobe Experience Manager Help Page for more information on available hot fixes.
Vulnerability Details
Description |
CVE |
Download Package |
|
CVE-2016-0958 |
|
|
CVE-2016-0955 |
|
|
CVE-2016-0956 |
|
|
CVE-2016-0957 |
Acknowledgments
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Damian Pfammatter of Compass Security Schweiz AG (CVE-2016-0955)
- Ateeq ur Rehman Khan - Vulnerability Labs (@CyberCrimeNEWS) (CVE-2016-0956)
Revisions
February 12, 2016:
- Added "and earlier versions" to clarify that CVE-2016-0956 affects Apache Sling Servlets Post 2.3.6 and earlier versions.
- Modified the description of CVE-2016-0955 to clarify that only version 6.1.0 is affected. Versions prior to AEM 6.1.0 are not affected by CVE-2016-0955.
- Reformatted the Vulnerability Details section in a tabular format and included URLs to the download packages for each hotfix.