Overview
- Description
- Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Known exploits
Data from CISA
- Vulnerability name
- Adobe BlazeDS Information Disclosure Vulnerability
- Exploit added on
- Mar 7, 2022
- Exploit action due
- Sep 7, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEF7C97E-BE99-415D-B12B-D3E7BD9EDF08",
"versionEndIncluding": "3.2"
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B015715F-9672-480E-B0AA-968D8C9070D5"
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD6C1877-7412-4FBE-9641-334971F9D153"
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28C8D6AF-EDE1-42BD-A47C-2EF8690299BD"
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "113431FB-E4BE-4416-800C-6B13AD1C0E92"
},
{
"criteria": "cpe:2.3:a:adobe:flex_data_services:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6F65E3F-F3E7-4BE9-A13B-87FFF3B3777E"
},
{
"criteria": "cpe:2.3:a:adobe:lifecycle:8.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A1EAAD5-7A00-4EC3-9F97-D2965E2569D8"
},
{
"criteria": "cpe:2.3:a:adobe:lifecycle:8.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D227BD60-5882-4C73-A642-EEE1E485FC48"
},
{
"criteria": "cpe:2.3:a:adobe:lifecycle:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3824D1B3-CE8E-488C-B241-BBD764C935F5"
},
{
"criteria": "cpe:2.3:a:adobe:lifecycle_data_services:2.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDF0B56D-E982-44CE-92E8-DA696E33717A"
},
{
"criteria": "cpe:2.3:a:adobe:lifecycle_data_services:2.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18CBBE17-8E63-4A48-997B-850702442394"
},
{
"criteria": "cpe:2.3:a:adobe:lifecycle_data_services:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3080073F-5BF3-415D-917A-C04DDCEEB311"
}
],
"operator": "OR"
}
]
}
]