Important Security Updates for AEM 6.x

by Joey Smith

Oct 16 , 2018

If you are not subscribed to Adobe’s Security Bulletins, you might not have heard about the recent security update issued by Adobe for all supported versions of AEM (6.0 - 6.4). Quoting their press release:

Adobe has released security updates for Adobe Experience Manager. These updates resolve two reflected cross-site scripting vulnerabilities rated Moderate, and three stored cross-site scripting vulnerabilities rated Important that could result in sensitive information disclosure.

If you are already on AEM Service Pack 2 for 6.4 (AEM 6.4.2.0) or Service Pack 3 for AEM 6.3 (AEM 6.3.3.0), these fixes were rolled into those Service Packs. For any other release of AEM, we urge you to download the security updates, test them in your non-production environments, and promote them to production as soon as you can safely do so.

In the meantime, go subscribe to Adobe’s Security Bulletins and Advisories mailing list, and consider joining us in the AEM-Tech Slack.

Tags: AEM | Adobe Experience Manager | Experience Manager | Adobe CQ | Security | XSS | Cross-Site Scripting