Adobe Experience Manager received a hotfix to patch four “important” vulnerabilities that could allow cross scripting attacks, disclose audit log events to unprivileged users, and lead to information disclosure.
Versions 6.2, 6.1, 6.0, and 5.61 on the Windows, Unix, Linux and OS X platforms are affected, according to an Aug. 9 security bulletin.
Two of the vulnerabilities, CVE-2016-4170 and CVE-2016-4253, affected version 6.2 and earlier, while CVE-2016-4168 affected versions 6.1 and earlier and CVE-2016-4169 affected all but version 5.6.1.
All of the vulnerabilities are have a priority rating of "2" and, if exploited, could allow an attacker to compromise data security, access to confidential data, or compromise processing resources in a user's computer, according to Adobe's severity ratings.
Users with on-premise deployments should install the available hotfixes and review and implement the steps outlined in the Adobe's Security Checklists.