5 matches found
CVE-2009-3960
CVE-2009-3960 is an information-disclosure vulnerability in Adobe BlazeDS and related Adobe data services components (e.g., LiveCycle, ColdFusion) where XML External Entity/XML Injection flaws can allow remote attackers to obtain sensitive information. Root cause: injected tags and external entit...
CVE-2015-3269
CVE-2015-3269 is an XXE vulnerability in Apache Flex BlazeDS (used by flex-messaging-core.jar in LCDS) that allows a remote attacker to read arbitrary files via an AMF message containing an XML external entity declaration with an entity reference. Affected products include BlazeDS components in A...
CVE-2011-2093
CVE-2011-2093 affects Adobe LiveCycle Data Services (versions 3.1 and earlier), LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The vulnerability arises from improper handling of object graphs, described as a “complex object graph vulnerability,” which can allow an attacker to cause...
CVE-2015-5255
CVE-2015-5255 describes a Server-Side Request Forgery (SSRF) in BlazeDS used with Adobe ColdFusion and LiveCycle Data Services. A crafted XML document could cause BlazeDS to send HTTP requests to intranet servers, bypassing access controls and enabling further host‑based attacks. Affected product...
CVE-2011-2092
CVE-2011-2092 affects Adobe products: LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The root cause is improper restriction during deserialization of AMF and AMFX data that allows creation of classes, leading to an unresolved impact via unkn...