Product:

Livecycle_data_services

(Adobe)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 4
Date Id Summary Products Score Patch Annotated
2015-08-25 CVE-2015-3269 Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Livecycle_data_services, Business_service_management N/A
2015-11-18 CVE-2015-5255 Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. Coldfusion, Livecycle_data_services, Xp7_command_view_advanced_edition, Xp_p9000_command_view_advanced_edition N/A
2011-06-16 CVE-2011-2093 Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability." Blazeds, Livecycle, Livecycle_data_services N/A
2011-06-16 CVE-2011-2092 Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." Blazeds, Livecycle, Livecycle_data_services N/A