What is CVE-2015-3269?

CVE-2015-3269 is a vulnerability in Adobe Livecycle_data_services, classified under Information Disclosure. Published 2015-08-25.

Is CVE-2015-3269 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Adobe Livecycle_data_services

CVE-2015-3269

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote at…

Vulnerability class: Information Disclosure

EPSS: 0.133 (94.3th percentile) — read the EPSS interpretation.

Affected products

Adobe Livecycle_data_services — versions 3.0, 4.5, 4.6
Hp Business_service_management
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
HPSBGN03550 (x_refsource_HP, vendor-advisory, Third Party Advisory)
76394 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
20150819 CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability (mailing-list, x_refsource_BUGTRAQ)
secalert@redhat.com (x_refsource_CONFIRM)
1033337 (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-3269?: CVE-2015-3269 is a vulnerability in Adobe Livecycle_data_services, classified under Information Disclosure. Published 2015-08-25.
Is CVE-2015-3269 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.