Improper input validation in Adobe BlazeDS
CVE-2011-2092
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.017 (82.5th percentile)
Affected products
- Adobe BlazeDS
- Adobe LiveCycle — versions 6.0, 7.0, 8.0.1
- Adobe LiveCycle Data Services — versions 2.5, 2.5.1, 2.6
Weakness classification (CWE)
References
- 1025656 (vdb-entry, x_refsource_SECTRACK)
- psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 1025657 (vdb-entry, x_refsource_SECTRACK)