Adobe Releases Security Updates (July 09, 2019)

Description

Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Summary

This vulnerability is rated Important and occurs when parsing malformed SVG images. It can result in an out-of-bounds memory read, which leads to information disclosure in the context of the current user.

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB19-37 | July 09, 2019 | 3 |

Affected Versions

| Product | Version | Platform |
|---|---|---|
| Adobe Bridge CC | 9.0.2 and earlier versions | Windows and macOS |

Solution

| Products | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Bridge CC | 9.1 | Windows and macOS | 3 | Download Page |

Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-Bounds Read | Information Disclosure | Important | CVE-2019-7963 |

Summary

These updates resolve a reflected cross-site scripting vulnerability rated Moderate, a stored cross-site scripting vulnerability rated Important, and a cross-site request forgery vulnerability rated Important, which could result in sensitive information disclosure.

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB19-38 | July 09, 2019 | 2 |

Affected Versions

| Product | Version | Platform |
|---|---|---|
| Adobe Experience Manager | 6.4, 6.3, 6.2, 6.1, 6.0 | All |

Solution

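| Products | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Experience Manager | 6.5 | All | 2 | Releases and Updates |
| Adobe Experience Manager | 6.4 | All | 2 | Releases and Updates |
| Adobe Experience Manager | 6.3 | All | 2 | Releases and Updates |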

Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers | Affected Version | Download Package |
|---|---|---|---|---|---|
| Cross-Site request forgery | Sensitive Information disclosure | Important | CVE-2019-7953 | AEM 6.0, AEM 6.1, AEM 6.3, AEM 6.4 | Cumulative Fix Pack for 6.3 SP3 – AEM-6.3.3.4; Service Pack for 6.4 - AEM-6.4.5.0 |
| Stored Cross-site Scripting | Sensitive Information disclosure | Important | CVE-2019-7954 | AEM 6.2, AEM 6.3, AEM 6.4, AEM 6.5 | Cumulative Fix Pack for 6.3 SP3 - AEM-6.3.3.5; Service Pack for 6.4 - AEM-6.4.5.0; Service Pack for 6.5 - AEM-6.5.1.0 |
| Reflected Cross Site Scripting | Sensitive Information disclosure | Moderate | CVE-2019-7955 | AEM 6.2, AEM 6.3, AEM 6.4, AEM 6.5 | Cumulative Fix Pack for 6.3 SP3 - AEM-6.3.3.5; Service Pack for 6.4 - AEM-6.4.5.0; Service Pack for 6.5 - AEM-6.5.1.0 |

Summary

This update resolves an insecure library loading vulnerability in the installer, rated Important, that could lead to privilege escalation.

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB19-40 | July 09, 2019 | 3 |

Affected Versions

| Product | Version | Platform |
|---|---|---|
| Adobe Dreamweaver direct download installer | 19.0 and below | Windows |
| Adobe Dreamweaver direct download installer | 18.0 and below | Windows |

Solution

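| Products | Updated Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Dreamweaver direct download installer | 2019 Release | Windows | 3 | Download Page |
| Adobe Dreamweaver direct download installer | 2019 Release | Windows | 3 | Download Page |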

Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Insecure Library Loading (DLL hijacking) | Privilege Escalation | Important | CVE-2019-7956 |

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

Reference

  • Adobe Releases Security Updates (US-CERT): https://www.us-cert.gov/ncas/current-activity/2019/07/09/adobe-releases-security-updates