Description
Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. It is recommended that you take the necessary precautions by ensuring your products are always updated.
Summary
This vulnerability is rated Important and occurs when parsing malformed SVG images. This can result in an out-of-bounds memory read, which leads to information disclosure in the context of the current user.
Bulletin ID | Date Published | Priority
APSB19-37 | July 09, 2019 | 3
Affected Versions
Product | Version | Platform
Adobe Bridge CC | 9.0.2 and earlier versions | Windows and macOS
Solution
Products | Version | Platform | Priority | Availability
Adobe Bridge CC | 9.1 | Windows and macOS | 3 |
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | CVE Number
Out-of-Bounds Read | Information Disclosure | Important | CVE-2019-7963
Summary
These updates resolve a reflected cross-site scripting vulnerability rated Moderate, a stored cross-site scripting vulnerability rated Important, and a cross-site request forgery vulnerability rated Important, which could result in sensitive information disclosure.
Bulletin ID | Date Published | Priority
APSB19-38 | July 09, 2019 | 2
Affected Versions
Product | Version | Platform
Adobe Experience Manager | 6.4, 6.3, 6.2, 6.1, 6.0 | All
Solution
Products | Version | Platform | Priority | Availability
Adobe Experience Manager | 6.5 | All | 2 |
Adobe Experience Manager | 6.4 | All | 2 |
Adobe Experience Manager | 6.3 | All | 2 |
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers | Affected Version | Download Package
Cross-Site Request Forgery | Sensitive Information Disclosure | Important | CVE-2019-7953 | AEM 6.0, AEM 6.1, AEM 6.3, AEM 6.4 | Cumulative Fix Pack for 6.3 SP3 – AEM-6.3.3.4
Stored Cross-Site Scripting | Sensitive Information Disclosure | Important | CVE-2019-7954 | AEM 6.2, AEM 6.3, AEM 6.4, AEM 6.5 | Cumulative Fix Pack for 6.3 SP3 – AEM-6.3.3.5; Service Pack for 6.4 – AEM-6.4.5.0
Reflected Cross-Site Scripting | Sensitive Information Disclosure | Moderate | CVE-2019-7955 | AEM 6.2, AEM 6.3, AEM 6.4, AEM 6.5 | Cumulative Fix Pack for 6.3 SP3 – AEM-6.3.3.5; Service Pack for 6.4 – AEM-6.4.5.0
Summary
This update resolves an insecure library loading vulnerability in the installer, rated Important, that could lead to privilege escalation.
Bulletin ID | Date Published | Priority
APSB19-40 | July 09, 2019 | 3
Affected Versions
Product | Version | Platform
Adobe Dreamweaver direct download installer | 19.0 and below | Windows
Adobe Dreamweaver direct download installer | 18.0 and below | Windows
Solution
Products | Updated Version | Platform | Priority | Availability
Adobe Dreamweaver direct download installer | 2019 Release | Windows | 3 |
Adobe Dreamweaver direct download installer | 2019 Release | Windows | 3 |
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | CVE Number
Insecure Library Loading (DLL hijacking) | Privilege Escalation | Important | CVE-2019-7956
The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.
https://www.us-cert.gov/ncas/current-activity/2019/07/09/adobe-releases-security-updates