Fri. Jul 10th, 2020

Adobe fixed multi vulnerabilities on June Security Update

2 min read

Today, Adobe officially released the June security update, which fixed multiple vulnerabilities in Adobe’s products, including Adobe Framemaker, Adobe Experience Manager, and Adobe Flash Player.

CVE-2018-15981

Vulnerability Details

Adobe Framemaker

Adobe Framemaker security update released by Adobe has fixed a total of 3 security vulnerabilities.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Memory Corruption Arbitrary code execution Critical  CVE-2020-9636
Out-of-Bounds Write Arbitrary code execution Critical CVE-2020-9634

CVE-2020-9635

Adobe Experience Manager

The Adobe Experience Manager security update released by Adobe has fixed a total of 6 security vulnerabilities.

Vulnerability Category Vulnerability Impact Severity CVE Number  Affected Versions Release Notes
Server-side request forgery (SSRF) Sensitive Information Disclosure Important CVE-2020-9643 AEM 6.1

AEM 6.2

AEM 6.3

AEM 6.4

Cumulative Fix Pack 6.3.3.8

Cumulative Fix Pack 6.4.8.1

Cross-site scripting (DOM-based) Arbitrary JavaScript execution in the browser Important CVE-2020-9647 AEM 6.1

AEM 6.2

AEM 6.3

AEM 6.4

AEM 6.5

Cumulative Fix Pack 6.4.8.1

Service Pack 6.5.5.0

Cross-site scripting Arbitrary JavaScript execution in the browser Important CVE-2020-9648 AEM 6.1

AEM 6.2

AEM 6.3

AEM 6.4

AEM 6.5

Cumulative Fix Pack 6.4.8.1

Service Pack 6.5.5.0

Cross-site scripting (stored) Arbitrary JavaScript execution in the browser Important CVE-2020-9644 AEM 6.1

AEM 6.2

AEM 6.3

AEM 6.4

AEM 6.5

Cumulative Fix Pack 6.4.8.1

Service Pack 6.5.5.0

Blind server-side request forgery (SSRF) Sensitive Information Disclosure Important CVE-2020-9645 AEM 6.1

AEM 6.2

AEM 6.3

AEM 6.4

AEM 6.5

Cumulative Fix Pack 6.4.8.1

Service Pack 6.5.5.0

Cross-site scripting (reflected) Arbitrary JavaScript execution in the browser Important CVE-2020-9651 AEM 6.1

AEM 6.2

AEM 6.3

AEM 6.4

AEM 6.5

Cumulative Fix Pack 6.4.8.1

Service Pack 6.5.5.0

Adobe Flash Player

Adobe Flash Player security update released by Adobe has fixed one security hole.

Vulnerability Category Vulnerability Impact Severity CVE Number
Use After Free Arbitrary Code Execution Critical CVE-2020-9633

Solution

Adobe has officially released a new version that fixes the above vulnerabilities. Users are advised to refer to the recommended repair time given by the Adobe Priority Assessment System and upgrade protection on time.