CVE-2011-2093

MEDIUM

Description

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."

References

http://osvdb.org/73009

http://www.adobe.com/support/security/bulletins/apsb11-15.html

http://www.securityfocus.com/bid/48267

http://www.securitytracker.com/id?1025656

http://www.securitytracker.com/id?1025657

https://exchange.xforce.ibmcloud.com/vulnerabilities/68026

Details

Source: MITRE

Published: 2011-06-16

Updated: 2017-08-29

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:* versions up to 4.0.1 (inclusive)

Configuration 2

OR

cpe:2.3:a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:* versions up to 3.1 (inclusive)

Configuration 3

OR

cpe:2.3:a:adobe:livecycle:6.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:* versions up to 9.0.0.2 (inclusive)

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
59684HP Systems Insight Manager < 7.0 Multiple VulnerabilitiesNessusWindows
critical