Product
Security updates available for Adobe Experience Manager Forms
Release date: May 9, 2017
Vulnerability identifier: APSB17-16
Priority: 2
CVE number: CVE-2017-3067
Platform: Windows, Linux, Solaris and AIX
Summary
Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve an important information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form. Adobe recommends users apply the available updates using the instructions provided in the "Solution" section below.
Affected versions
| Product | Affected version | Platform |
|---|---|---|
| Adobe Experience Manager Forms | 6.2 | Windows, Linux, Solaris and AIX |
Solution
Adobe categorizes these updates with the following priority rating, and recommends that customers with on-premise deployments install the available updates referenced below with the help of the Adobe Marketing Cloud Customer Care team.
| Product | Fixed version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe Experience Manager Forms 6.2 | 6.2 SP1 CFP3 | Windows, Linux, Solaris and AIX | 2 | |
| Adobe Experience Manager Forms 6.1 | 6.1 SP2 CFP8 | Windows, Linux, Solaris and AIX | 2 | |
| Adobe Experience Manager Forms 6.0 | HotFix 2.0.58 | Windows, Linux, Solaris and AIX | 2 | |
Vulnerability Details
- These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form.
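
The fix described above restricts which protocols and file paths a pre-fill data reference may use. The following Python example is added here for illustration and is not Adobe's code or the AEM Forms configuration; it applies a scheme, host and path allowlist to a data reference, and the policy values, host name, directory and function names are assumptions.

```python
from pathlib import PurePosixPath
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed policy values (assumptions, not AEM Forms settings).
ALLOWED_SCHEMES = {"https", "file"}
ALLOWED_HTTPS_HOSTS = {"prefill.example.internal"}
ALLOWED_FILE_ROOTS = (PurePosixPath("/srv/forms/prefill"),)


def canonical_path(raw: str) -> Optional[PurePosixPath]:
    """Percent-decode once and resolve '.'/'..' lexically; None if unsafe."""
    decoded = unquote(raw)
    # Reject leftover encoding, NUL bytes, backslashes and relative paths.
    if any(c in decoded for c in "%\x00\\") or not decoded.startswith("/"):
        return None
    resolved = []
    for segment in PurePosixPath(decoded).parts[1:]:
        if segment == "..":
            if not resolved:
                return None  # climbs above the filesystem root
            resolved.pop()
        else:
            resolved.append(segment)
    return PurePosixPath("/", *resolved)


def is_allowed_prefill_ref(ref: str) -> bool:
    """Return True only if ref passes the scheme, host and path allowlists."""
    try:
        parts = urlsplit(ref)
    except ValueError:
        return False  # fail closed on unparseable references
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False  # covers missing schemes and unlisted protocols
    if scheme == "https":
        # hostname ignores userinfo, so "allowed@other" does not match.
        return parts.hostname in ALLOWED_HTTPS_HOSTS
    if parts.netloc not in ("", "localhost"):
        return False  # file://host/share would read from a remote host
    path = canonical_path(parts.path)
    if path is None:
        return False
    # Compare whole path components, so /srv/forms/prefill-old is outside.
    return any(path == root or root in path.parents for root in ALLOWED_FILE_ROOTS)
```

A caller should open the path returned by `canonical_path`, not the original string, so that the file read is exactly the one that was checked.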
Acknowledgments
Adobe would like to thank Ruben Reusser of headwire.com for reporting (CVE-2017-3067) and for working with Adobe to help protect our customers.