Adobe Security Bulletin

Security update available for Adobe Campaign

Release date: April 11, 2017

Vulnerability identifier: APSB17-09

Priority: 2

CVE number: CVE-2017-2989

Platform: Windows and Linux

Summary

Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux.  This update resolves an important input validation bypass that could be exploited to read, write or delete data from the Campaign database (CVE-2017-2989).

Affected versions

Product Affected version Platform
Adobe Campaign v6.11
Build 8770 and earlier versions Windows and Linux

Solution

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
Adobe Campaign v6.11 Build 8795 Windows and Linux 2 Release Notes
  • Customers may refer to the FAQ for instructions on downloading the latest build.
  • For customers with Adobe Campaign Build 8770 and earlier, please refer to the documentation page for instructions to resolve CVE-2017-2989. 

Vulnerability Details

This update resolves an important input validation bypass that could be exploited to read, write
or delete data from the Campaign database (CVE-2017-2989).

Acknowledgments

Adobe would like to thank LocalTapiola Bug Bounty Program, Yonatan Migdal and Avaus Marketing Innovations for reporting this issue (CVE-2017-2989) and for working with Adobe to help protect our customers.