Deserialization Vulnerability in Adobe LiveCycle and BlazeDS Products
CVE-2011-2092

Currently unrated

Key Information:

Vendor: Adobe
Status: Blazeds
Vendor: CVE Published:; 16 June 2011

Summary

Adobe LiveCycle Data Services and BlazeDS products are affected by a deserialization vulnerability that allows unauthorized class creation during the deserialization of AMF and AMFX data. This flaw can potentially enable attackers to exploit unknown vectors, creating significant security risks to applications utilizing these services.

References

http://www.securitytracker.com/id?1025656

vdb-entryx_refsource_SECTRACK

http://www.adobe.com/support/security/bulletins/apsb11-15...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1025657

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 16, 2011
Vulnerability Reserved
May 13, 2011