Adobe has released security hotfixes for Adobe Experience Manager (AEM). These hotfixes resolve a vulnerability in AEM versions 6.5 and 6.4 rated Important. Successful exploitation could result in a denial-of-service condition.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
Adobe Experience Manager |
6.5 |
All |
2 |
AEM-6.5.4.0 (Package Share) AEM-6.5.4.0 (Software Distribution) cq-6.5.0-hotfix-31870 (Package Share) 6.5.0-hotfix-31870-1.2 (Software Distribution) |
6.4 |
All |
2 |
AEM-6.4.8.0 (Package Share) AEM-6.4.8.0 (Software Distribution) cq-6.4.0-hotfix-31868 (Package Share) 6.4.0-hotfix-31868-1.2 (Software Distribution) |
Note
The 6.5 hotfix should be installed on AEM 6.5.3.0
The 6.4 hotfix should be installed on AEM 6.4.7.0
Note
See here for more information on the new Software Distribution interface.
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
Affected Versions |
Uncontrolled Resource Consumption | Denial-of-service | Important | CVE-2020-3741 |
AEM 6.4 AEM 6.5 |
Note
AEM versions 6.3 and below are not impacted by this issue.