Release date: May 9, 2017
Vulnerability identifier: APSB17-16
Priority: 2
CVE number: CVE-2017-3067
Platform: Windows, Linux, Solaris and AIX
Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve an important information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form. Adobe recommends users apply the available updates using the instructions provided in the "Solution" section below.
Product | Affected version | Platform |
---|---|---|
Adobe Experience Manager Forms | 6.2 | Windows, Linux, Solaris and AIX |
Adobe categorizes these updates with the following priority rating, and recommends that customers with on-premises deployments install the available updates referenced below with the help of the Adobe Marketing Cloud Customer Care team.
Product | Fixed version | Platform | Priority rating | Availability |
---|---|---|---|---|
Adobe Experience Manager Forms 6.2 | 6.2 SP1 CFP3 | Windows, Linux, Solaris and AIX | 2 | Release Notes |
Adobe Experience Manager Forms 6.1 | 6.1 SP2 CFP8 | Windows, Linux, Solaris and AIX | 2 | Release Notes |
Adobe Experience Manager Forms 6.0 | HotFix 2.0.58 | Windows, Linux, Solaris and AIX | 2 | Release Notes |
- These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form.
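The kind of restriction described above, sketched as an added example that is not Adobe's code or AEM's configuration: an allowlist check on a pre-fill data reference that validates both the protocol and the canonical path. The scheme names, directory prefixes and the function name `is_allowed_prefill_ref` are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Hypothetical policy: protocol -> path prefixes a pre-fill reference may use.
# These values are constructed for the example, not taken from AEM.
ALLOWED_PREFIXES = {
    "crx": ("/content/prefill/",),
    "file": ("/srv/forms/prefill/",),
}


def is_allowed_prefill_ref(ref: str) -> bool:
    """Return True only if ref uses an allowed protocol and, after
    canonicalization, resolves under an allowed path prefix."""
    parts = urlsplit(ref)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_PREFIXES:
        return False  # unknown or missing protocol: deny by default

    # A host component would point the reference at another machine.
    if parts.netloc not in ("", "localhost"):
        return False

    # Decode once, then refuse anything that still looks encoded
    # (double encoding) or contains NUL bytes or backslashes.
    path = unquote(parts.path)
    if "%" in path or "\x00" in path or "\\" in path:
        return False

    # Collapse "." and ".." segments BEFORE comparing against the prefix,
    # so a reference cannot start inside the allowed directory and walk out.
    normalized = posixpath.normpath(path)
    return any(normalized.startswith(p) for p in ALLOWED_PREFIXES[scheme])


if __name__ == "__main__":
    # Constructed sample references.
    for sample in (
        "file:///srv/forms/prefill/customer.xml",
        "file:///srv/forms/prefill/../private/customer.xml",
        "http://example.com/customer.xml",
    ):
        print(sample, "->", "allow" if is_allowed_prefill_ref(sample) else "deny")
```

The check fails closed: a reference is accepted only when every step succeeds, so malformed or unexpected input is denied without needing a dedicated rule.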
Adobe would like to thank Ruben Reusser of headwire.com for reporting (CVE-2017-3067) and for working with Adobe to help protect our customers.