6.5
CVE-2009-3960
- EPSS 90.01%
- Veröffentlicht 15.02.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:42
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Coldfusion Version7.0.2
Adobe ≫ Coldfusion Version8.0
Adobe ≫ Coldfusion Version8.0.1
Adobe ≫ Coldfusion Version9.0
Adobe ≫ Flex Data Services Version2.0.1
Adobe ≫ Livecycle Data Services Version2.5.1
Adobe ≫ Livecycle Data Services Version2.6.1
Adobe ≫ Livecycle Data Services Version3.0
07.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe BlazeDS Information Disclosure Vulnerability
SchwachstelleAdobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 90.01% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
http://secunia.com/advisories/38543
http://securitytracker.com/id?1023584
http://www.adobe.com/support/security/bulletins/apsb10-05.html
http://www.osvdb.org/62292
http://www.securityfocus.com/bid/38197
https://www.exploit-db.com/exploits/41855/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3960