=====================================================================
                            CERT-Renater

                 Information Note No. 2020/VULN017
_____________________________________________________________________

DATE                 : 15/01/2020

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Adobe Experience Manager
                       versions 6.3, 6.4, 6.5.

=====================================================================
https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html
_____________________________________________________________________

Security updates available for Adobe Experience Manager | APSB20-01

Bulletin ID     Date Published       Priority
APSB20-01       January 14, 2020     2

Summary

Adobe has released security updates for Adobe Experience Manager
(AEM). These updates resolve multiple vulnerabilities in AEM versions
6.5 and below rated Important and Moderate. Successful exploitation
could result in sensitive information disclosure.

Affected product versions

Product                      Version    Platform
Adobe Experience Manager     6.5        All
                             6.4
                             6.3
                             6.2
                             6.1
                             6.0

Solution

Adobe categorizes these updates with the following priority ratings
and recommends users update their installation to the newest version:

Product                      Version    Platform    Priority    Availability
Adobe Experience Manager     6.5        All         2           Releases and Updates
                             6.4        All         2           Releases and Updates
                             6.3        All         2           Releases and Updates

Please contact Adobe customer care for assistance with earlier AEM
versions.

Vulnerability details

Vulnerability         Vulnerability          Severity   CVE Number      Affected  Download Package
Category              Impact                                            Versions

Reflected Cross-Site  Sensitive Information  Important  CVE-2019-16466  AEM 6.3   Cumulative Fix Pack 6.3.3.7
Scripting             disclosure                                        AEM 6.4   Service Pack 6.4.7.0
                                                                        AEM 6.5   Service Pack 6.5.3.0

Reflected Cross-Site  Sensitive Information  Important  CVE-2019-16467  AEM 6.3   Cumulative Fix Pack 6.3.3.7
Scripting             disclosure                                        AEM 6.4   Service Pack 6.4.7.0
                                                                        AEM 6.5   Service Pack 6.5.3.0

User Interface        Sensitive Information  Moderate   CVE-2019-16468  AEM 6.3   Cumulative Fix Pack 6.3.3.7
Injection             Disclosure                                        AEM 6.4   Service Pack 6.4.7.0
                                                                        AEM 6.5   Service Pack 6.5.3.0

Expression Language   Sensitive Information  Important  CVE-2019-16469  AEM 6.5   Service Pack 6.5.3.0
injection             Disclosure

Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

     Lorenzo Pirondini (Netcentric, a Cognizant Digital Business)
     (CVE-2019-16466, CVE-2019-16468)

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================