Adobe Security Bulletin

Release date: April 11, 2017

Vulnerability identifier: APSB17-09

Priority: 2

CVE number: CVE-2017-2989

Platform: Windows and Linux

Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves an important input validation bypass that could be exploited to read, write or delete data from the Campaign database (CVE-2017-2989).

Product	Affected version	Platform
Adobe Campaign v6.11	Build 8770 and earlier versions	Windows and Linux

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product	Updated version	Platform	Priority rating	Availability
Adobe Campaign v6.11	Build 8795	Windows and Linux	2	Release Notes

Customers may refer to the FAQ for instructions on downloading the latest build.
For customers with Adobe Campaign Build 8770 and earlier, please refer to the documentation page for instructions to resolve CVE-2017-2989.

This update resolves an important input validation bypass that could be exploited to read, write
or delete data from the Campaign database (CVE-2017-2989).

Adobe would like to thank LocalTapiola Bug Bounty Program, Yonatan Migdal and Avaus Marketing Innovations for reporting this issue (CVE-2017-2989) and for working with Adobe to help protect our customers.

Adobe Security Bulletin

Security update available for Adobe Campaign

Summary

Affected versions

Solution

Vulnerability Details

Acknowledgments

Ask the Community

Contact Us