某些 Creative Cloud 应用程序、服务和功能在中国不可用。
Adobe has released updates for Adobe Experience Manager (AEM). These updates resolve vulnerabilities in AEM versions 6.5 and below rated Important. Successful exploitation could result in sensitive information disclosure.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
Adobe Experience Manager |
6.5 |
All |
2 |
Releases and Updates |
6.4 |
All |
2 |
Note:
Please contact Adobe customer care for assistance with earlier AEM versions.
| Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
Affected Versions | Release Notes |
| Server-side request forgery (SSRF) |
Sensitive Information Disclosure | Important | CVE-2020-9643 |
AEM 6.1 AEM 6.2 AEM 6.3 AEM 6.4 |
|
| Cross-site scripting (DOM-based) |
Arbitrary JavaScript execution in the browser | Important |
CVE-2020-9647 |
AEM 6.1 AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
|
| Cross-site scripting |
Arbitrary JavaScript execution in the browser |
Important |
CVE-2020-9648 |
AEM 6.1 AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
|
| Cross-site scripting (stored) |
Arbitrary JavaScript execution in the browser |
Important |
CVE-2020-9644 |
AEM 6.1 AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
|
| Blind server-side request forgery (SSRF) |
Sensitive Information Disclosure | Important |
CVE-2020-9645 |
AEM 6.1 AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
|
| Cross-site scripting (reflected) |
Arbitrary JavaScript execution in the browser |
Important |
CVE-2020-9651 |
AEM 6.1 AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
Note:
AEM version 6.1 extended support ended on May 31, 2020.