Description
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48267
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68026
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025656
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb11-15.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/73009
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025657
Scores
EPSS
0.0377
EPSS Percentile
88.7%
Details
CWE
CWE-20
Status
published
Products (14)
adobe/blazeds
< 4.0.1
adobe/livecycle
6.0
adobe/livecycle
7.0
adobe/livecycle
8.0.1
adobe/livecycle
8.0.1.1
adobe/livecycle
8.0.1.2
adobe/livecycle
8.2.1.3
adobe/livecycle
< 9.0.0.2
adobe/livecycle_data_services
2.5
adobe/livecycle_data_services
2.5.1
... and 4 more
Published
Jun 16, 2011
Tracked Since
Feb 18, 2026