Improper input validation in Adobe Blazeds
CVE-2011-2093
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "co…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.021 (84.3th percentile) — read the EPSS interpretation.
Affected products
- Adobe Blazeds
- Adobe Livecycle — versions 6.0, 7.0, 8.0.1
- Adobe Livecycle_data_services — versions 2.5, 2.5.1, 2.6
- N/a — versions n/a
Weakness classification (CWE)
References
- 48267 (vdb-entry, x_refsource_BID)
- livecycle-graph-object-dos(68026) (vdb-entry, x_refsource_XF)
- 1025656 (vdb-entry, x_refsource_SECTRACK)
- psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 73009 (x_refsource_OSVDB, vdb-entry)
- 1025657 (vdb-entry, x_refsource_SECTRACK)