6.5

CVE-2009-3960

Warnung
Exploit
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeBlazeds Version <= 3.2
AdobeColdfusion Version7.0.2
AdobeColdfusion Version8.0
AdobeColdfusion Version8.0.1
AdobeColdfusion Version9.0
AdobeFlex Data Services Version2.0.1
AdobeLivecycle Version8.0.1
AdobeLivecycle Version8.2.1
AdobeLivecycle Version9.0
AdobeLivecycle Data Services Version2.5.1
AdobeLivecycle Data Services Version2.6.1

07.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe BlazeDS Information Disclosure Vulnerability

Schwachstelle

Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 90.01% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/38543
Broken Link
http://securitytracker.com/id?1023584
Third Party Advisory
Broken Link
VDB Entry
http://www.adobe.com/support/security/bulletins/apsb10-05.html
Vendor Advisory
Not Applicable
http://www.osvdb.org/62292
Broken Link
http://www.securityfocus.com/bid/38197
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/41855/
Third Party Advisory
Exploit
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3960
US Government Resource