Vulnerability CVE-2011-2092
Published: 2011-06-16   Modified: 2012-02-13

Description:
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Adobe -> Blazeds 
Adobe -> Livecycle 
Adobe -> Livecycle data services 

 References:
http://www.adobe.com/support/security/bulletins/apsb11-15.html
http://www.securitytracker.com/id?1025657
http://www.securitytracker.com/id?1025656
Copyright 2024, cxsecurity.com

 

Back to Top