Adobe Security Bulletin
Security updates available for Adobe Experience Manager Forms | APSB19-03
Bulletin ID Date Published  Priority
APSB19-03 January 22, 2019 2

Summary

Adobe has released security updates for Adobe Experience Manager Forms. These updates resolve a stored cross-site scripting vulnerability rated Important that could result in sensitive information disclosure.

Affected product versions

Product Affected version Platform
Adobe Experience Manager Forms

6.4
6.3
6.2

All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version:

Product Version Platform Priority Availability
Adobe Experience Manager Forms 6.4 All 2 Releases and Updates
6.3 All 2 Releases and Updates
6.2 All 2 Releases and Updates

Vulnerability Details

Vulnerability Category Vulnerability Impact  Severity CVE Number  Affected Versions Download Package 
Stored Cross-site Scripting Sensitive Information disclosure  Important CVE-2018-19724 

AEM 6.2

AEM 6.3 

AEM 6.4

Cumulative Fix Pack 6.2 SP1-CFP18

Cumulative Fix Pack for 6.3 - AEM-6.3.3.2

Service Pack for 6.4 - AEM-6.4.3.0

Note: the packages listed in the table above are the minimum fix packs to address the relevant vulnerability.  For the latest versions, please see the release notes links referenced above.

Acknowledgments

Adobe would like to thank Adam Willard for reporting (CVE-2018-19724) and for working with Adobe to help protect our customers.