CVE-2011-2092

EUVD-2011-2084
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
adobeblazeds
𝑥
≤ 4.0.1
adobelivecycle_data_services
𝑥
≤ 3.1
adobelivecycle_data_services
2.5
adobelivecycle_data_services
2.5.1
adobelivecycle_data_services
2.6
adobelivecycle_data_services
2.6.1
adobelivecycle
𝑥
≤ 9.0.0.2
adobelivecycle
6.0
adobelivecycle
7.0
adobelivecycle
8.0.1
adobelivecycle
8.0.1.1
adobelivecycle
8.0.1.2
adobelivecycle
8.2.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.adobe.com/support/security/bulletins/apsb11-15.html
http://www.securitytracker.com/id?1025656
http://www.securitytracker.com/id?1025657
http://www.adobe.com/support/security/bulletins/apsb11-15.html
http://www.securitytracker.com/id?1025656
http://www.securitytracker.com/id?1025657