CVE-2011-2092

CWE-20 — Improper Input Validation3 documents3 sources

Severity

10.0CRITICAL

EPSS

2.3%

top 15.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Blazeds Adobe Livecycle Adobe Livecycle Data Services

Timeline

PublishedJun 16

Latest updateMay 17

Description

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDadobe/livecycle_data_services3.1+5

▶NVDadobe/livecycle9.0.0.2+6

▶NVDadobe/blazeds4.0.1

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-27xg-jff9-57pq: Adobe LiveCycle Data Services 3↗2022-05-17

▶

CVEList

CVE-2011-2092: Adobe LiveCycle Data Services 3↗2011-06-16

▶