Adobe Livecycle Data Services vulnerabilities
5 known vulnerabilities affecting adobe/livecycle_data_services.
Total CVEs
5
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2015-5255MEDIUMCVSS 4.3v3.0v4.5+2 more2015-11-18
CVE-2015-5255 [MEDIUM] CWE-20 CVE-2015-5255: Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data S
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a
nvd
CVE-2015-3269MEDIUMCVSS 5.0v3.0v4.5+2 more2015-08-25
CVE-2015-3269 [MEDIUM] CWE-200 CVE-2015-3269: Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction wi
nvd
CVE-2011-2092CRITICALCVSS 10.0≤ 3.1v2.5+4 more2011-06-16
CVE-2011-2092 [CRITICAL] CWE-20 CVE-2011-2092: Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
nvd
CVE-2011-2093MEDIUMCVSS 5.0≤ 3.1v2.5+4 more2011-06-16
CVE-2011-2093 [MEDIUM] CWE-20 CVE-2011-2093: Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
nvd
CVE-2009-3960MEDIUMCVSS 6.5KEVPoCv2.5.1v2.6.1+1 more2010-02-15
CVE-2009-3960 [MEDIUM] CVE-2009-3960: Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, Li
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external e
nvd