====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN320

_____________________________________________________________________

DATE                : 16/10/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Experience Manager Forms
                              versions 6.5, 6.4, 6.3.

=====================================================================
https://helpx.adobe.com/security/products/aem-forms/apsb19-50.html
_____________________________________________________________________

Security updates available for Adobe Experience Manager Forms | APSB19-50
Bulletin ID 	Date Published  	Priority
APSB19-50 	October 15, 2019 	3


Summary

Adobe has released security updates for Adobe Experience Manager Forms.
These updates resolve a stored cross-site scripting vulnerability rated
Important that could result in sensitive information disclosure.


Affected product versions

Product                         Affected version     Platform
Adobe Experience Manager Forms 	   6.5  6.4  6.3     All


Solution

Adobe categorizes these updates with the following priority ratings 
and recommends users update their installation to the latest version:

Product      Version      Platform      Priority       Availability

Adobe Experience Manager Forms 	6.5 	All 	3 	Releases and Updates

6.4 	All 	3 	Releases and Updates

6.3 	All 	3 	Releases and Updates

Please contact Adobe customer care for assistance with earlier AEM Forms
versions.


Vulnerability Details

Vulnerability Category    Vulnerability Impact     Severity      CVE
Number      Affected Versions      Download Package

Reflected Cross-site Scripting    Sensitive Information disclosure
Moderate    CVE-2019-8089    AEM 6.3  AEM 6.4  AEM 6.5
Cumulative Fix Pack for 6.3 SP3 – AEM-6.3.3.6
Service Pack for 6.4 - AEM-6.4.6.0
Service Pack for 6.5 - AEM-6.5.2.0

Note: The packages listed in the table above are the minimum fix packs
to address the relevant vulnerability.  For the latest versions, please
see the release notes links referenced above.


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================