CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2011-2092
https://notcve.org/view.php?id=CVE-2011-2092
16 Jun 2011 — Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no restringen adecuadamente la creación de clases durante la deserializaci... • http://www.adobe.com/support/security/bulletins/apsb11-15.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2011-2093
https://notcve.org/view.php?id=CVE-2011-2093
16 Jun 2011 — Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability." Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no maneja adecuadamente los objetos gráficos, lo que permite a atacantes provocar una denegación de servicio a través de vecto... • http://osvdb.org/73009 • CWE-20: Improper Input Validation •