Adobe Security Bulletin

Security updates available for Adobe Experience Manager Forms | APSB19-24

Bulletin ID	Date Published	Priority
APSB19-24	April 09, 2019	2

Adobe has released security updates for Adobe Experience Manager Forms. These updates resolve a stored cross-site scripting vulnerability rated Important that could result in sensitive information disclosure.

Product	Affected version	Platform
Adobe Experience Manager Forms	6.4 6.3 6.2	All

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version:

Product	Version	Platform	Priority	Availability
Adobe Experience Manager Forms	6.4	All	2	Releases and Updates
	6.3	All	2	Releases and Updates
	6.2	All	2	Releases and Updates

Please contact Adobe customer care for assistance with earlier AEM Forms versions.

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Affected Versions

Download Package

Stored Cross-site Scripting

Sensitive Information disclosure

Important

CVE-2019-7129

AEM 6.2

AEM 6.3

AEM 6.4

Cumulative Fix Pack for AEM 6.2 SP1-CFP15 

Cumulative Fix Pack for 6.3 - AEM-6.3.3.1 

Service Pack for 6.4 - AEM-6.4.2.0

Note: The packages listed in the table above are the minimum fix packs to address the relevant vulnerability. For the latest versions, please see the release notes links referenced above.

Adobe would like to thank Ryne Hanson (@hansonet) for reporting (CVE-2019-7129) and for working with Adobe to help protect our customers.

Adobe Security Bulletin

Summary

Affected product versions

Solution

Vulnerability Details

Acknowledgments

Ask the Community

Contact Us