2 results (0.002 seconds)

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability." Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no maneja adecuadamente los objetos gráficos, lo que permite a atacantes provocar una denegación de servicio a través de vectores no especificados, en relación con una "vulnerabilidad de objetos gráficos complejos" • http://osvdb.org/73009 http://www.adobe.com/support/security/bulletins/apsb11-15.html http://www.securityfocus.com/bid/48267 http://www.securitytracker.com/id?1025656 http://www.securitytracker.com/id?1025657 https://exchange.xforce.ibmcloud.com/vulnerabilities/68026 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no restringen adecuadamente la creación de clases durante la deserialización de la informción (1) AMF y (2) AMFX, lo que permite a atacantestener un impacto no especificado a través de vectores desconocidos. • http://www.adobe.com/support/security/bulletins/apsb11-15.html http://www.securitytracker.com/id?1025656 http://www.securitytracker.com/id?1025657 • CWE-20: Improper Input Validation •