CVE-2011-2092

Adobe LiveCycle Data Services <3.1 - Deserialization

Title source: llm
STIX 2.1

Description

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025656
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb11-15.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025657

Scores

EPSS 0.0606
EPSS Percentile 92.5%

Details

CWE
CWE-20
Status published
Products (14)
adobe/blazeds < 4.0.1
adobe/livecycle 6.0
adobe/livecycle 7.0
adobe/livecycle 8.0.1
adobe/livecycle 8.0.1.1
adobe/livecycle 8.0.1.2
adobe/livecycle 8.2.1.3
adobe/livecycle < 9.0.0.2
adobe/livecycle_data_services 2.5
adobe/livecycle_data_services 2.5.1
... and 4 more
Published Jun 16, 2011
Tracked Since Feb 18, 2026