3 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability." Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no maneja adecuadamente los objetos gráficos, lo que permite a atacantes provocar una denegación de servicio a través de vectores no especificados, en relación con una "vulnerabilidad de objetos gráficos complejos" • http://osvdb.org/73009 http://www.adobe.com/support/security/bulletins/apsb11-15.html http://www.securityfocus.com/bid/48267 http://www.securitytracker.com/id?1025656 http://www.securitytracker.com/id?1025657 https://exchange.xforce.ibmcloud.com/vulnerabilities/68026 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no restringen adecuadamente la creación de clases durante la deserialización de la informción (1) AMF y (2) AMFX, lo que permite a atacantestener un impacto no especificado a través de vectores desconocidos. • http://www.adobe.com/support/security/bulletins/apsb11-15.html http://www.securitytracker.com/id?1025656 http://www.securitytracker.com/id?1025657 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 94%CPEs: 12EXPL: 2

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents. Vulnerabilidad sin especificar en BlazeDS v3.2 y anteriores, tal como es utilizado en LiveCycle v8.0.1, v8.2.1 y v9.0, LiveCycle Data Services v2.5.1, v2.6.1 y v3.0, Flex Data Services v2.0.1 y ColdFusion v7.0.2, v8.0, v8.0.1 y v9.0. Permite a atacantes remotos obtener información confidencial a través de vectores de ataque asociados con una petición, y relacionados con una etiqueta inyectada y una referencia a una entidad externa en documentos XML. Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2. • https://www.exploit-db.com/exploits/11529 https://www.exploit-db.com/exploits/41855 http://secunia.com/advisories/38543 http://securitytracker.com/id?1023584 http://www.adobe.com/support/security/bulletins/apsb10-05.html http://www.osvdb.org/62292 http://www.securityfocus.com/bid/38197 •