Unscheduled Adobe Experience Manager Patches

Recently, a lot of post have been publish related on “Unscheduled Adobe Patches”. For this month only, there already have three patches been issued to the Adobe’s User.

The flaw that been included in the latest patch is such as following:

CVE-2018-19726 (HTML Injection Vulnerability)

This vulnerability have been classified as Input Validation Error that been update around 22 January 2019.

The affected software:

  • Adobe Experience Manager 6.4
  • Adobe Experience Manager 6.3
  • Adobe Experience Manager 6.2
  • Adobe Experience Manager 6.1
  • Adobe Experience Manager 6.0

CVE-2018-19727 (Cross-Site Scripting Vulnerabilities)

This vulnerability have been classified as Input Validation Error that been update around 22 January 2019.

The affected software:

  • Adobe Experience Manager 6.4
  • Adobe Experience Manager 6.3

The exposure for this vulnerability can be cause sensitive information disclosure from the stored cross-site scripting method.

For more details on stored cross-site scripting can read here.

*Stored cross-site scripting can be considered among the high-risk in cross-site scripting.

CVE-2018-19724 (HTML Injection Vulnerability)

This vulnerability have been classified as Input Validation Error that been update around 22 January 2019.

The affected software:

  • Adobe Experience Manager 6.4
  • Adobe Experience Manager 6.3
  • Adobe Experience Manager 6.2

However, the vulnerabilities that include Cross-Site Scripting can rated as “moderate” and security weakness can be rated as “2”.

Source: Security Buletins and Advisories)

Author: Wan Ariff

Leave a Reply

Your email address will not be published. Required fields are marked *