Adobe fixed multi vulnerabilities on June Security Update
Today, Adobe officially released the June security update, which fixed multiple vulnerabilities in Adobe’s products, including Adobe Framemaker, Adobe Experience Manager, and Adobe Flash Player.
Vulnerability Details
Adobe Framemaker
Adobe Framemaker security update released by Adobe has fixed a total of 3 security vulnerabilities.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
Memory Corruption | Arbitrary code execution | Critical | CVE-2020-9636 |
Out-of-Bounds Write | Arbitrary code execution | Critical | CVE-2020-9634
CVE-2020-9635 |
Adobe Experience Manager
The Adobe Experience Manager security update released by Adobe has fixed a total of 6 security vulnerabilities.
Vulnerability Category | Vulnerability Impact | Severity | CVE Number | Affected Versions | Release Notes |
Server-side request forgery (SSRF) | Sensitive Information Disclosure | Important | CVE-2020-9643 | AEM 6.1
AEM 6.2 AEM 6.3 AEM 6.4 |
Cumulative Fix Pack 6.3.3.8 |
Cross-site scripting (DOM-based) | Arbitrary JavaScript execution in the browser | Important | CVE-2020-9647 | AEM 6.1
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
Cumulative Fix Pack 6.4.8.1 |
Cross-site scripting | Arbitrary JavaScript execution in the browser | Important | CVE-2020-9648 | AEM 6.1
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
Cumulative Fix Pack 6.4.8.1 |
Cross-site scripting (stored) | Arbitrary JavaScript execution in the browser | Important | CVE-2020-9644 | AEM 6.1
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
Cumulative Fix Pack 6.4.8.1 |
Blind server-side request forgery (SSRF) | Sensitive Information Disclosure | Important | CVE-2020-9645 | AEM 6.1
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
Cumulative Fix Pack 6.4.8.1 |
Cross-site scripting (reflected) | Arbitrary JavaScript execution in the browser | Important | CVE-2020-9651 | AEM 6.1
AEM 6.2 AEM 6.3 AEM 6.4 AEM 6.5 |
Cumulative Fix Pack 6.4.8.1 |
Adobe Flash Player
Adobe Flash Player security update released by Adobe has fixed one security hole.
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
Use After Free | Arbitrary Code Execution | Critical | CVE-2020-9633 |
Solution
Adobe has officially released a new version that fixes the above vulnerabilities. Users are advised to refer to the recommended repair time given by the Adobe Priority Assessment System and upgrade protection on time.