Lucene search
K
AdobeLivecycle Data Services

5 matches found

CVE
CVE
added 2010/02/15 6:0 p.m.1056 views

CVE-2009-3960

CVE-2009-3960 is an information-disclosure vulnerability in Adobe BlazeDS and related Adobe data services components (e.g., LiveCycle, ColdFusion) where XML External Entity/XML Injection flaws can allow remote attackers to obtain sensitive information. Root cause: injected tags and external entit...

6.5CVSS8.8AI score0.90012EPSS
In wildWeb
CVE
CVE
added 2015/08/25 1:0 a.m.91 views

CVE-2015-3269

CVE-2015-3269 is an XXE vulnerability in Apache Flex BlazeDS (used by flex-messaging-core.jar in LCDS) that allows a remote attacker to read arbitrary files via an AMF message containing an XML external entity declaration with an entity reference. Affected products include BlazeDS components in A...

5CVSS7.1AI score0.0954EPSS
CVE
CVE
added 2011/06/16 11:0 p.m.63 views

CVE-2011-2093

CVE-2011-2093 affects Adobe LiveCycle Data Services (versions 3.1 and earlier), LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The vulnerability arises from improper handling of object graphs, described as a “complex object graph vulnerability,” which can allow an attacker to cause...

5CVSS6.7AI score0.03772EPSS
CVE
CVE
added 2015/11/18 9:0 p.m.63 views

CVE-2015-5255

CVE-2015-5255 describes a Server-Side Request Forgery (SSRF) in BlazeDS used with Adobe ColdFusion and LiveCycle Data Services. A crafted XML document could cause BlazeDS to send HTTP requests to intranet servers, bypassing access controls and enabling further host‑based attacks. Affected product...

4.3CVSS6.5AI score0.04482EPSS
Web
CVE
CVE
added 2011/06/16 11:0 p.m.57 views

CVE-2011-2092

CVE-2011-2092 affects Adobe products: LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The root cause is improper restriction during deserialization of AMF and AMFX data that allows creation of classes, leading to an unresolved impact via unkn...

10CVSS6.8AI score0.06062EPSS