CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 1CVE-2015-5255 – HP Security Bulletin HPSBST03568 1
https://notcve.org/view.php?id=CVE-2015-5255
18 Nov 2015 — Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. Adobe BlazeDS, como se utiliza en ColdFusion 10 en versiones anteriores a Update 18 y 11 en versiones anteriores a ... • https://packetstorm.news/files/id/134506 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 13%CPEs: 5EXPL: 0CVE-2015-3269 – Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3269
22 Aug 2015 — Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Vulnerabilidad en Apache Flex BlazeDS, tal como se usa en flex-messaging-core.jar en Ado... • http://marc.info/?l=bugtraq&m=145706712500978&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 14EXPL: 0CVE-2011-2092
https://notcve.org/view.php?id=CVE-2011-2092
16 Jun 2011 — Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no restringen adecuadamente la creación de clases durante la deserializaci... • http://www.adobe.com/support/security/bulletins/apsb11-15.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 2%CPEs: 14EXPL: 0CVE-2011-2093
https://notcve.org/view.php?id=CVE-2011-2093
16 Jun 2011 — Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability." Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no maneja adecuadamente los objetos gráficos, lo que permite a atacantes provocar una denegación de servicio a través de vecto... • http://osvdb.org/73009 • CWE-20: Improper Input Validation •