6.5

CVE-2009-3960

Warnung
Exploit

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeBlazeds Version <= 3.2
AdobeColdfusion Version7.0.2
AdobeColdfusion Version8.0
AdobeColdfusion Version8.0.1
AdobeColdfusion Version9.0
AdobeFlex Data Services Version2.0.1
AdobeLivecycle Version8.0.1
AdobeLivecycle Version8.2.1
AdobeLivecycle Version9.0
AdobeLivecycle Data Services Version2.5.1
AdobeLivecycle Data Services Version2.6.1

07.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe BlazeDS Information Disclosure Vulnerability

Schwachstelle

Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 86.27% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
http://securitytracker.com/id?1023584
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/38197
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/41855/
Third Party Advisory
Exploit
VDB Entry