Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB18-04
| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB18-04 | February 13, 2018 | 3 |

Summary

Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875), rated moderate, and a cross-site scripting vulnerability (CVE-2018-4876) in the Apache Sling XSS protection API, rated important.

Affected product versions

| Product | Version | Platform |
|---|---|---|
| Adobe Experience Manager | 6.3, 6.2, 6.1, 6.0 | All |

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

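| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Experience Manager | 6.3 | All | 3 | Release note |
| Adobe Experience Manager | 6.2 | All | 3 | Release note |
| Adobe Experience Manager | 6.1 | All | 3 | Release note |
| Adobe Experience Manager | 6.0 | All | 3 | Release note |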

Please contact Adobe customer care for assistance with earlier AEM versions.

Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers | Affected Version | Download Package |
|---|---|---|---|---|---|
| Reflected cross-site scripting | Sensitive Information Disclosure | Moderate | CVE-2018-4875 | AEM 6.0, AEM 6.1 | HOTFIX 19729 for AEM 6.0.0; HOTFIX 9381 for AEM 6.1.0 |
| Cross-site scripting | Sensitive Information Disclosure | Important | CVE-2018-4876 | AEM 6.1, AEM 6.2, AEM 6.3 | Cumulative Fix Pack for 6.1 SP2 - AEM-6.1-SP2-CFP14; Cumulative Fix Pack for 6.2 SP1 - AEM-6.2-SP1-CFP11; HOTFIX 21290 for AEM 6.3.0 |

Note:

The packages listed in the table above are the minimum fix packs to address the listed vulnerability. For the latest versions, please see the release notes links referenced above.