Vulnerabilites related to adobe - livecycle
CVE-2016-6934 (GCVE-0-2016-6934)
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross Site Scripting
Summary
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 |
Version: Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:38.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"name": "1037465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-21T21:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "94867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"name": "1037465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4",
"version": {
"version_data": [
{
"version_value": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94867"
},
{
"name": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"name": "1037465",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-6934",
"datePublished": "2016-12-15T06:31:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:43:38.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3960 (GCVE-0-2009-3960)
Vulnerability from cvelistv5
Published
2010-02-15 18:00
Modified
2025-07-30 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38197",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38197"
},
{
"name": "1023584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023584"
},
{
"name": "62292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62292"
},
{
"name": "38543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38543"
},
{
"name": "41855",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41855/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2009-3960",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:42:52.303476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3960"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:47:05.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-07T00:00:00+00:00",
"value": "CVE-2009-3960 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "38197",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38197"
},
{
"name": "1023584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023584"
},
{
"name": "62292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62292"
},
{
"name": "38543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38543"
},
{
"name": "41855",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41855/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2009-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38197"
},
{
"name": "1023584",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023584"
},
{
"name": "62292",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62292"
},
{
"name": "38543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38543"
},
{
"name": "41855",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41855/"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2009-3960",
"datePublished": "2010-02-15T18:00:00.000Z",
"dateReserved": "2009-11-16T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:47:05.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2093 (GCVE-0-2011-2093)
Vulnerability from cvelistv5
Published
2011-06-16 23:00
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:01.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48267"
},
{
"name": "livecycle-graph-object-dos(68026)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026"
},
{
"name": "1025656",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"name": "73009",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/73009"
},
{
"name": "1025657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a \"complex object graph vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "48267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48267"
},
{
"name": "livecycle-graph-object-dos(68026)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026"
},
{
"name": "1025656",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"name": "73009",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/73009"
},
{
"name": "1025657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-2093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a \"complex object graph vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48267"
},
{
"name": "livecycle-graph-object-dos(68026)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026"
},
{
"name": "1025656",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025656"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"name": "73009",
"refsource": "OSVDB",
"url": "http://osvdb.org/73009"
},
{
"name": "1025657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2011-2093",
"datePublished": "2011-06-16T23:00:00",
"dateReserved": "2011-05-13T00:00:00",
"dateUpdated": "2024-08-06T22:46:01.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6933 (GCVE-0-2016-6933)
Vulnerability from cvelistv5
Published
2016-12-15 06:31
Modified
2024-08-06 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross Site Scripting
Summary
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 |
Version: Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:38.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"name": "1037465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-21T21:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "94867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"name": "1037465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4",
"version": {
"version_data": [
{
"version_value": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94867"
},
{
"name": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"name": "1037465",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-6933",
"datePublished": "2016-12-15T06:31:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:43:38.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2092 (GCVE-0-2011-2092)
Vulnerability from cvelistv5
Published
2011-06-16 23:00
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1025656",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"name": "1025657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1025656",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"name": "1025657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-2092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025656",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025656"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"name": "1025657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2011-2092",
"datePublished": "2011-06-16T23:00:00",
"dateReserved": "2011-05-13T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-02-15 18:30
Modified
2025-04-11 00:51
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | blazeds | * | |
| adobe | coldfusion | 7.0.2 | |
| adobe | coldfusion | 8.0 | |
| adobe | coldfusion | 8.0.1 | |
| adobe | coldfusion | 9.0 | |
| adobe | flex_data_services | 2.0.1 | |
| adobe | livecycle | 8.0.1 | |
| adobe | livecycle | 8.2.1 | |
| adobe | livecycle | 9.0 | |
| adobe | livecycle_data_services | 2.5.1 | |
| adobe | livecycle_data_services | 2.6.1 | |
| adobe | livecycle_data_services | 3.0 |
{
"cisaActionDue": "2022-09-07",
"cisaExploitAdd": "2022-03-07",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Adobe BlazeDS Information Disclosure Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF7C97E-BE99-415D-B12B-D3E7BD9EDF08",
"versionEndIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B015715F-9672-480E-B0AA-968D8C9070D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6C1877-7412-4FBE-9641-334971F9D153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28C8D6AF-EDE1-42BD-A47C-2EF8690299BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "113431FB-E4BE-4416-800C-6B13AD1C0E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F65E3F-F3E7-4BE9-A13B-87FFF3B3777E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3890CE6C-D8D0-4406-ACE1-9849CFCA72F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82D29A25-10F2-4FFB-A9BC-B7AAD6D1A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6804632-7EA5-45AB-91A3-C05D3426CA9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "262ED6C7-3C78-4863-9056-A9D55C7DB6CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFE9CD7-0DB5-4038-AFB5-1B756186605C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE5075B-DB11-47F3-9601-F4956ECF5047",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en BlazeDS v3.2 y anteriores, tal como es utilizado en LiveCycle v8.0.1, v8.2.1 y v9.0, LiveCycle Data Services v2.5.1, v2.6.1 y v3.0, Flex Data Services v2.0.1 y ColdFusion v7.0.2, v8.0, v8.0.1 y v9.0. Permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de vectores de ataque asociados con una petici\u00f3n, y relacionados con una etiqueta inyectada y una referencia a una entidad externa en documentos XML."
}
],
"id": "CVE-2009-3960",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2010-02-15T18:30:00.407",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38543"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1023584"
},
{
"source": "psirt@adobe.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/62292"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/38197"
},
{
"source": "psirt@adobe.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41855/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1023584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/62292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/38197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41855/"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-16 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | blazeds | * | |
| adobe | livecycle_data_services | * | |
| adobe | livecycle_data_services | 2.5 | |
| adobe | livecycle_data_services | 2.5.1 | |
| adobe | livecycle_data_services | 2.6 | |
| adobe | livecycle_data_services | 2.6.1 | |
| adobe | livecycle_data_services | 3 | |
| adobe | livecycle | * | |
| adobe | livecycle | 6.0 | |
| adobe | livecycle | 7.0 | |
| adobe | livecycle | 8.0.1 | |
| adobe | livecycle | 8.0.1.1 | |
| adobe | livecycle | 8.0.1.2 | |
| adobe | livecycle | 8.2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*",
"matchCriteriaId": "007166D5-D7B0-486C-B4B6-C239906EF8D3",
"versionEndIncluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36866-F153-47DE-871E-D92DBD8A1C2B",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "289238E6-C234-4191-911C-C6F0E51A3E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "262ED6C7-3C78-4863-9056-A9D55C7DB6CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8606C261-650F-43AF-BE2D-52DACFB94BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFE9CD7-0DB5-4038-AFB5-1B756186605C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*",
"matchCriteriaId": "37973B36-6229-498A-936E-D621E2ED90C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1BE8C5-F3EA-4F74-8ABE-BB5A7127DED3",
"versionEndIncluding": "9.0.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "123AE8CC-080C-4684-9818-CCEC5ACC1E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D59B6009-B1B1-4FE1-8330-777473CF9EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3890CE6C-D8D0-4406-ACE1-9849CFCA72F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55624316-BCFD-4555-92F0-EF5271B86081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89AE5D48-8552-4DB5-97A3-4D401559AB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C91FA2-9DBB-4B06-8DBF-D7951A947087",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a \"complex object graph vulnerability.\""
},
{
"lang": "es",
"value": "Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no maneja adecuadamente los objetos gr\u00e1ficos, lo que permite a atacantes provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados, en relaci\u00f3n con una \"vulnerabilidad de objetos gr\u00e1ficos complejos\""
}
],
"id": "CVE-2011-2093",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-16T23:55:01.557",
"references": [
{
"source": "psirt@adobe.com",
"url": "http://osvdb.org/73009"
},
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securityfocus.com/bid/48267"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securitytracker.com/id?1025656"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securitytracker.com/id?1025657"
},
{
"source": "psirt@adobe.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/73009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68026"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-16 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | blazeds | * | |
| adobe | livecycle_data_services | * | |
| adobe | livecycle_data_services | 2.5 | |
| adobe | livecycle_data_services | 2.5.1 | |
| adobe | livecycle_data_services | 2.6 | |
| adobe | livecycle_data_services | 2.6.1 | |
| adobe | livecycle_data_services | 3 | |
| adobe | livecycle | * | |
| adobe | livecycle | 6.0 | |
| adobe | livecycle | 7.0 | |
| adobe | livecycle | 8.0.1 | |
| adobe | livecycle | 8.0.1.1 | |
| adobe | livecycle | 8.0.1.2 | |
| adobe | livecycle | 8.2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*",
"matchCriteriaId": "007166D5-D7B0-486C-B4B6-C239906EF8D3",
"versionEndIncluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36866-F153-47DE-871E-D92DBD8A1C2B",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "289238E6-C234-4191-911C-C6F0E51A3E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "262ED6C7-3C78-4863-9056-A9D55C7DB6CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8606C261-650F-43AF-BE2D-52DACFB94BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFE9CD7-0DB5-4038-AFB5-1B756186605C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*",
"matchCriteriaId": "37973B36-6229-498A-936E-D621E2ED90C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1BE8C5-F3EA-4F74-8ABE-BB5A7127DED3",
"versionEndIncluding": "9.0.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "123AE8CC-080C-4684-9818-CCEC5ACC1E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D59B6009-B1B1-4FE1-8330-777473CF9EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3890CE6C-D8D0-4406-ACE1-9849CFCA72F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55624316-BCFD-4555-92F0-EF5271B86081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89AE5D48-8552-4DB5-97A3-4D401559AB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C91FA2-9DBB-4B06-8DBF-D7951A947087",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a \"deserialization vulnerability.\""
},
{
"lang": "es",
"value": "Adobe LiveCycle Data Services v3.1 y anteriores, LiveCycle v9.0.0.2 y anteriores, y BlazeDS v4.0.1 y anteriores no restringen adecuadamente la creaci\u00f3n de clases durante la deserializaci\u00f3n de la informci\u00f3n (1) AMF y (2) AMFX, lo que permite a atacantestener un impacto no especificado a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2011-2092",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-16T23:55:01.527",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securitytracker.com/id?1025656"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securitytracker.com/id?1025657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-15.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025657"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@adobe.com | http://www.securityfocus.com/bid/94867 | Third Party Advisory, VDB Entry | |
| psirt@adobe.com | http://www.securitytracker.com/id/1037465 | Third Party Advisory, VDB Entry | |
| psirt@adobe.com | https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94867 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037465 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager_forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "428A6E2E-18FB-4942-B43F-9C339F1488B5",
"versionEndIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:livecycle:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "094B6C0F-67E4-49B9-B380-1A842CD189B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9A92D9-1FEC-4675-8EF7-67F3A67DAE62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks."
},
{
"lang": "es",
"value": "Adobe Experience Manager Forms en versi\u00f3n 6.2 y versiones anteriores, LiveCycle 11.0.1, LiveCycle 10.0.4 tienen un problema de validaci\u00f3n de entrada en el m\u00f3dulo PMAdmin que puede ser utilizado en ataques de XSS."
}
],
"id": "CVE-2016-6934",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-15T06:59:27.783",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94867"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037465"
},
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-15 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | experience_manager | 6.0.0 | |
| adobe | experience_manager | 6.1.0 | |
| adobe | experience_manager | 6.2.0 | |
| adobe | livecycle | 10.0.4 | |
| adobe | livecycle | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0791D620-1EE8-44C8-92D7-3790B546C62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8996F27-91F0-42ED-963A-D46C91EC5ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0056F65-B0CA-4939-815D-560687E16710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:livecycle:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "094B6C0F-67E4-49B9-B380-1A842CD189B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:livecycle:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9A92D9-1FEC-4675-8EF7-67F3A67DAE62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks."
},
{
"lang": "es",
"value": "Adobe Experience Manager Forms en versi\u00f3n 6.2 y versiones anteriores, LiveCycle 11.0.1, LiveCycle 10.0.4 tienen un problema de validaci\u00f3n de entrada en el AACComponent que puede ser utilizado en ataques de XSS."
}
],
"id": "CVE-2016-6933",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-15T06:59:26.847",
"references": [
{
"source": "psirt@adobe.com",
"url": "http://www.securityfocus.com/bid/94867"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securitytracker.com/id/1037465"
},
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}