CVE-2011-2093

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUM

EPSS

2.8%

top 13.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Blazeds Adobe Livecycle Adobe Livecycle Data Services

Timeline

PublishedJun 16

Latest updateMay 17

Description

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDadobe/livecycle_data_services3.1+5

▶NVDadobe/livecycle9.0.0.2+6

▶NVDadobe/blazeds4.0.1

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-q487-6fjf-jx4g: Adobe LiveCycle Data Services 3↗2022-05-17

▶

CVEList

CVE-2011-2093: Adobe LiveCycle Data Services 3↗2011-06-16

▶