Adobe Security Bulletin

Security updates available for Adobe Experience Manager | APSB24-28

Bulletin ID

Date Published

Priority

APSB24-28

June 11, 2024

3

Summary

Adobe has released updates for Adobe Experience Manager (AEM). These updates resolve vulnerabilities rated criticalimportant and moderate. Successful exploitation of these vulnerabilities could result in arbitrary code execution, arbitrary file system read and security feature bypass.

Affected product versions

Product Version Platform
Adobe Experience Manager (AEM)
AEM Cloud Service (CS)
All
6.5.20 and earlier versions 
All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability

Adobe Experience Manager (AEM) 
AEM Cloud Service Release 2024.5
All 3 Release Notes
6.5.21 All

3

AEM 6.5 Service Pack Release Notes 
Note:

Customers running on Adobe Experience Manager’s Cloud Service will automatically receive updates that include new features as well as security and functionality bug fixes.  

Note:

Please contact Adobe customer care for assistance with AEM versions 6.4, 6.3 and 6.2.

Vulnerability Details

Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVSS vector
CVE Number
Improper Access Control (CWE-284)
Security feature bypass
Critical 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2024-26029
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2024-26036
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2024-26037
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2024-26039
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
CVE-2024-26049
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2024-26053
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2024-26057
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26058
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26066
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26068
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26070
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26071
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26072
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26074
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26075
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26077
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26078
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26081
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26082
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26083
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26085
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26088
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26089
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26090
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26091
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26092
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26093
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26095
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26110
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26111
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26113
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26114
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26115
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26116
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26117
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26121
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26123
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-20769
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-20784
Improper Input Validation (CWE-20)
Security feature bypass
Moderate 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVE-2024-26126
Improper Input Validation (CWE-20)
Security feature bypass
Moderate 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVE-2024-26127
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26054
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26055
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26060
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-26086
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-34119
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-34120
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36141
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36142
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36143
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36144
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36146
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36147
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36148
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36149
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36150
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36151
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36152
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36153
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36154
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36155
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36156
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36157
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36158
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36159
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36160
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36161
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36162
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36163
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36164
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36165
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36166
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36167
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36168
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36169
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36170
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36171
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36172
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36173
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36174
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36175
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36176
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36177
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36178
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36179
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36180
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36181
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36182
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36183
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36184
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36185
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36186
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36187
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36188
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36189
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36190
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36191
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36192
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36193
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36194
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36195
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36196
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36197
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36198
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36199
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36200
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36201
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36202
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36203
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36204
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36205
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36206
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36207
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36208
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36209
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36210
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36211
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36212
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36213
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36214
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36215
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36216
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36217
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36218
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36219
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36220
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36221
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36222
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36223
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36224
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36225
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36227
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36228
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36229
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36230
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36231
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36232
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36233
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36234
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36235
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36236
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-34141
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-34142
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36238
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-36239
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-34128
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41841
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41842
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41843
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41844
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41845
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41846
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41847
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41848
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41875
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-45153
Cross-site Scripting (Stored XSS) (CWE-79)
Arbitrary code execution
Important
5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2024-41876
Improper Input Validation (CWE-20)
Security feature bypass
Moderate 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVE-2024-36226
Improper Input Validation (CWE-20)
Arbitrary code execution
Moderate 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
CVE-2024-41839
Improper Input Validation (CWE-20)
Security feature bypass
Moderate 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
CVE-2024-41849

Updates to Dependencies

CVE Dependency
Vulnerability Impact
Affected Versions
CVE-2024-22243
Spring Framework
Open Redirect

AEM CS  

AEM 6.5.20.0 and earlier

Note:

If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers: 

  • Lorenzo Pirondini -- CVE-2024-26036, CVE-2024-26037, CVE-2024-26039, CVE-2024-26053, CVE-2024-26057, CVE-2024-26058, CVE-2024-26072, CVE-2024-26074, CVE-2024-26075, CVE-2024-26077, CVE-2024-26078, CVE-2024-26081, CVE-2024-26082, CVE-2024-26083, CVE-2024-26085, CVE-2024-26089, CVE-2024-26090, CVE-2024-26091, CVE-2024-26054, CVE-2024-26055, CVE-2024-26086, CVE-2024-36172, CVE-2024-36181, CVE-2024-36182, CVE-2024-36183, CVE-2024-36185, CVE-2024-36186, CVE-2024-36187, CVE-2024-36188, CVE-2024-36189, CVE-2024-36190, CVE-2024-36192, CVE-2024-36193, CVE-2024-36194, CVE-2024-36195, CVE-2024-36196, CVE-2024-36197, CVE-2024-36220, CVE-2024-36222, CVE-2024-36223, CVE-2024-36224, CVE-2024-36228, CVE-2024-36229, CVE-2024-36230, CVE-2024-36231, CVE-2024-36233, CVE-2024-36234, CVE-2024-36235, CVE-2024-36236, CVE-2024-36238, CVE-2024-36239, CVE-2024-34128, CVE-2024-41843, CVE-2024-41844, CVE-2024-41845
  • Jim Green (green-jam) -- CVE-2024-26029, CVE-2024-26066, CVE-2024-26068, CVE-2024-26070, CVE-2024-26071, CVE-2024-26088, CVE-2024-26092, CVE-2024-2609, CVE-2024-26095, CVE-2024-26110, CVE-2024-26111, CVE-2024-26113, CVE-2024-26114, CVE-2024-26115, CVE-2024-26116, CVE-2024-26117, CVE-2024-26121, CVE-2024-26123, CVE-2024-20769, CVE-2024-20784, CVE-2024-26060, CVE-2024-34119, CVE-2024-34120, CVE-2024-36141, CVE-2024-36142, CVE-2024-36143, CVE-2024-36144, CVE-2024-36146, CVE-2024-36147, CVE-2024-36148, CVE-2024-36149, CVE-2024-36150, CVE-2024-36151, CVE-2024-36152, CVE-2024-36153, CVE-2024-36154, CVE-2024-36155, CVE-2024-36156, CVE-2024-36157, CVE-2024-36158, CVE-2024-36159, CVE-2024-36160, CVE-2024-36161, CVE-2024-36162, CVE-2024-36163, CVE-2024-36164, CVE-2024-36165, CVE-2024-36166, CVE-2024-36167, CVE-2024-36168, CVE-2024-36169, CVE-2024-36170, CVE-2024-36171, CVE-2024-36173, CVE-2024-36174, CVE-2024-36175, CVE-2024-36176, CVE-2024-36177, CVE-2024-36178, CVE-2024-36179, CVE-2024-36180, CVE-2024-36184, CVE-2024-36191, CVE-2024-36198, CVE-2024-36199, CVE-2024-36200, CVE-2024-36201, CVE-2024-36202, CVE-2024-36203, CVE-2024-36204, CVE-2024-36205, CVE-2024-36206, CVE-2024-36207, CVE-2024-36208, CVE-2024-36209, CVE-2024-36210, CVE-2024-36211, CVE-2024-36212, CVE-2024-36213, CVE-2024-36214, CVE-2024-36215, CVE-2024-36216, CVE-2024-36217, CVE-2024-36218, CVE-2024-36219, CVE-2024-36221, CVE-2024-36225, CVE-2024-34141, CVE-2024-34142, CVE-2024-41841, CVE-2024-41846, CVE-2024-41847, CVE-2024-41848, CVE-2024-41875, CVE-2024-41876, CVE-2024-45153
  • Akshay Sharma (anonymous_blackzero) -- CVE-2024-26049, CVE-2024-26126, CVE-2024-26127, CVE-2024-36226, CVE-2024-36232, CVE-2024-41849

NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.

Revisions

October 2, 2024 - added CVE-2024-45153

August 20, 2024 - added CVE-2024-41841, CVE-2024-41842, CVE-2024-41843, CVE-2024-41844, CVE-2024-41845, CVE-2024-41846, CVE-2024-41847, CVE-2024-41848, CVE-2024-41849, CVE-2024-41875, CVE-2024-41876

July 22, 2024 - added CVE-2024-34128 and CVE-2024-41839

June 25, 2024 - Updated Dependencies

June 19, 2024 - added CVE-2024-34141 and CVE-2024-34142


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

 Adobe

Get help faster and easier

New user?