This month, Adobe released patches for various products multiple times. However, it seems the vulnerabilities continue to appear in Adobe products, requiring quick fixes. For the third time in January 2019, Adobe has released updates. This time, the updates fix flaws in Adobe Experience Manager.
Multiple Flaws Spotted In Adobe Experience Manager
Once again, Adobe has released an update bundle addressing security vulnerabilities. These updates bring fixes for two Adobe Experience Manager flaws. However, none of these vulnerabilities are critical.
Describing the flaws, Adobe stated in its advisory,
“These updates resolve one reflected cross-site scripting vulnerability rated Moderate, and one stored cross-site scripting vulnerability rated Important that could result in sensitive information disclosure.”
Both the Stored Cross-site Scripting vulnerability (CVE-2018-19726) and the Reflected Cross-site Scripting (CVE-2018-19727) affected AEM versions 6.3 and 6.4. Whereas, the vulnerability CVE-2018-19726 also affected the earlier versions: AEM 6.0, 6.1, and 6.2.
Adobe has rolled-out patches in the latest versions of Adobe Experience Manager and has recommended the users to update their devices.
Third Update Bundle In A Month
The present updates mark the third round of patches by Adobe within a month. Beginning this year, Adobe rolled out quick fixes for critical vulnerabilities in Adobe Reader and Acrobat. Then, in the following week, they released the scheduled patch Tuesday updates addressing flaws in Adobe Connect and Adobe Digital Editions.
The recent AEM fixes mark the third consecutive patch in three weeks. Interestingly, in all three instances, Adobe did not release any patches for fixing security flaws in Adobe Flash. Does this mean the software is being properly tested before release? Or, shall we expect to receive updates in the next week again? Not to forget that Adobe has already announced ending support for Flash soon.
Take your time to comment on this article.
Latest posts by Abeerah Hashim (see all)
- Microsoft Discovered A Phishing Campaign Tricking Users With Custom 404 Pages - August 18, 2019
- Mozilla Firefox Bug Could Allow Copying Saved Passwords Without Master Password - August 18, 2019
- European Central Bank Shut Down BIRD Website Following Cyber Attack - August 17, 2019