====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN148
_____________________________________________________________________

DATE                : 20/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Experience Manager
                           versions prior to 6.5, 6.4, 6.3.

=====================================================================
https://helpx.adobe.com/security/products/experience-manager/apsb20-15.html
_____________________________________________________________________

Security updates available for Adobe Experience Manager | APSB20-15
Bulletin ID 	Date Published 	Priority
APSB20-15 	March 17, 2020 	2


Summary

Adobe has released updates for Adobe Experience Manager (AEM). These
updates resolve a vulnerability in AEM versions 6.5 and below rated
Important.  Successful exploitation could result in sensitive
information disclosure.


Affected product versions
Product 	Version 	Platform
Adobe Experience Manager	6.5 and earlier versions 	All


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:

Product       Version        Platform     Priority    Availability

Adobe Experience Manager    6.5    All    2    	Releases and Updates
                            6.4    All    2     Releases and Updates
                            6.3    All    2     Releases and Updates

Note:

Please contact Adobe customer care for assistance with earlier AEM
versions.


Vulnerability details

Vulnerability Category	Vulnerability Impact   	Severity   CVE Number
Affected Versions 	Release Notes

Server-side request forgery (SSRF)	Sensitive Information Disclosure
Important 	CVE-2020-3769    AEM 6.1
                                                 AEM 6.2
                                                 AEM 6.3
                                                 AEM 6.4
                                                 AEM 6.5
Cumulative Fix Pack 6.3.3.8
Service Pack 6.4.8.0
Service Pack 6.5.4.0


Acknowledgments

Adobe would like to thank Mikhail Egorov (CVE-2020-3769) for reporting
this issue and for working with Adobe to help protect our customers.



=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================