Security updates available for Adobe Experience Manager | APSB20-01

Bulletin ID | Date Published | Priority |
---|---|---|
APSB20-01 | January 14, 2020 | 2 |
Summary
Affected product versions
Product | Version | Platform |
---|---|---|
Adobe Experience Manager | 6.5, 6.4, 6.3, 6.2, 6.1, 6.0 | All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Version | Platform | Priority | Availability |
---|---|---|---|---|
Adobe Experience Manager | 6.5 | All | 2 | |
Adobe Experience Manager | 6.4 | All | 2 | |
Adobe Experience Manager | 6.3 | All | 2 | |
Please contact Adobe customer care for assistance with earlier AEM versions.
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | CVE Number | Affected Versions | Download Package |
---|---|---|---|---|---|
Cross-Site Script Inclusion | Sensitive Information Disclosure | Important | CVE-2019-16466 | AEM 6.1, AEM 6.2, AEM 6.3, AEM 6.4, AEM 6.5 | |
Reflected Cross-Site Scripting | Sensitive Information Disclosure | Important | CVE-2019-16467 | AEM 6.1, AEM 6.2, AEM 6.3, AEM 6.4, AEM 6.5 | |
User Interface Injection | Sensitive Information Disclosure | Moderate | CVE-2019-16468 | AEM 6.3, AEM 6.4, AEM 6.5 | |
Expression Language Injection | Sensitive Information Disclosure | Important | CVE-2019-16469 | AEM 6.5 | |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Lorenzo Pirondini (Netcentric, a Cognizant Digital Business) (CVE-2019-16466, CVE-2019-16468)
- Valerio Brussani (https://www.linkedin.com/in/valeriobrussani) (CVE-2019-16469)
Revisions
January 16, 2020: Modified the vulnerability category of CVE-2019-16466 from "Reflected Cross-Site Scripting" to "Cross-Site script inclusion".
March 19, 2020: Added AEM versions 6.1 and 6.2 to the vulnerability details table for CVE-2019-16466 and CVE-2019-16467.