Vulnerabilities > Adobe > Blazeds

DATE CVE VULNERABILITY TITLE RISK
2011-06-16 CVE-2011-2093 Improper Input Validation vulnerability in Adobe Blazeds, Livecycle and Livecycle Data Services
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
network
low complexity
adobe CWE-20
5.0
5.0
2011-06-16 CVE-2011-2092 Improper Input Validation vulnerability in Adobe Blazeds, Livecycle and Livecycle Data Services
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
network
low complexity
adobe CWE-20
critical
 10.0
10
2010-02-15 CVE-2009-3960 Unspecified vulnerability in Adobe products
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
network
adobe
4.3
4.3