Release date: December 13, 2016
Vulnerability identifier: APSB16-40
Priority: 3
CVE number: CVE-2016-6933, CVE-2016-6934
Platform: Windows, Linux, Solaris and AIX
Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks (CVE-2016-6933 and CVE-2016-6934). Adobe recommends users apply the available updates using the instructions provided in the "Solution" section below.
Note: In 2015, AEM Forms became the successor to Adobe LiveCycle.
Product | Affected version | Platform |
---|---|---|
Adobe Experience Manager Forms | 6.2 | Windows, Linux, Solaris and AIX |
LiveCycle | 11.0.1 | Windows, Linux, Solaris and AIX |
Adobe categorizes these updates with the following priority rating, and recommends that customers with on-premise deployments install the available updates referenced below with the help of the Adobe Marketing Cloud Customer Care team.
Product | Fixed version | Platform | Priority rating |
---|---|---|---|
Adobe Experience Manager Forms 6.2 | AEMForms-6.2.0-0002 | Windows, Linux, Solaris and AIX | 3 |
Adobe Experience Manager Forms 6.1 | 6.1.0-COR-1064-012, 6.1.0-PRM-1065-020 | Windows, Linux, Solaris and AIX | 3 |
Adobe Experience Manager Forms 6.0 | 6.0.0-COR-1042-015, 6.0.0-PRM-1043-020 | Windows, Linux, Solaris and AIX | 3 |
LiveCycle 11.0.1 | 11.0.1-COR-1155-044, 11.0.1-PRM-1161-017 | Windows, Linux, Solaris and AIX | 3 |
LiveCycle 10.0.4 | 10.0.4-COR-1064-025, 10.0.4-PRM-1065-007 | Windows, Linux, Solaris and AIX | 3 |
Description | CVE | Fixed version |
---|---|---|
Updates resolve an input validation issue in the AACComponent that could be used in cross-site scripting attacks. | CVE-2016-6933 | AEMForms-6.2.0-0002, 6.1.0-COR-1064-012, 6.0.0-COR-1042-015, 11.0.1-COR-1155-044, 10.0.4-COR-1064-025 |
Updates resolve an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks. | CVE-2016-6934 | AEMForms-6.2.0-0002, 6.1.0-PRM-1065-020, 6.0.0-PRM-1043-020, 11.0.1-PRM-1161-017, 10.0.4-PRM-1065-007 |