Adobe has released a security update for Adobe Campaign Classic. This update addresses vulnerabilities rated Critical, Important and Moderate that could result in arbitrary code execution.
Product | Affected version | Platform |
---|---|---|
Adobe Campaign Classic |
18.10.5-8984 (and earlier versions) | Windows and Linux |
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
Product | Updated version | Platform | Priority rating | Availability |
---|---|---|---|---|
Adobe Campaign | 19.1.4-9031 | Windows and Linux | 3 | Release Notes |
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
Insufficient input validation | Information Disclosure | Important | CVE-2019-7843 |
Improper error handling | Information Disclosure | Moderate | CVE-2019-7846 |
Inadequate access control | Information Disclosure | Moderate | CVE-2019-7848 |
Command injection | Arbitrary Code Execution | Critical | CVE-2019-7850 |
Adobe would like to thank Olivier Guerra of Aon's Cyber Solutions for reporting this issue (CVE-2019-7843) and for working with Adobe to help protect our customers.
June 14, 2019: Removed reference to CVE-2019-7849. This CVE was erroneously included in the original bulletin content.
July 31, 2019: Changed updated version from 19.1.1-9026 to 19.1.4-9031 due to regression in the former.
August 15, 2019: Updated Severity of CVE-2019-7850 to Critical.
August 19, 2019: Removed references to CVE-2019-7941 & CVE-2019-7847. These CVEs were erroneously included in the original bulletin content.
May 14, 2020: Modified the summary to reflect the critical, important and moderate severity vulnerabilities referenced in this bulletin.