CVE-2009-3960
published 2010-02-15CVE-2009-3960: Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-09-07
Exploited in the wild
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | blazeds | <= 3.2 | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | flex_data_services | — | — |
| adobe | livecycle | — | — |
| adobe | livecycle | — | — |
| adobe | livecycle | — | — |
| adobe | livecycle_data_services | — | — |
| adobe | livecycle_data_services | — | — |
| adobe | livecycle_data_services | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vulncheck6.5MEDIUM
cisa6.5MEDIUM