XML External Entity Vulnerability in Adobe LiveCycle Data Services
CVE-2015-3269

Currently unrated

Key Information:

Vendor: HP
Status: Business Service Management
Vendor: CVE Published:; 25 August 2015

What is CVE-2015-3269?

An XML External Entity (XXE) vulnerability in Adobe LiveCycle Data Services allows remote attackers to exploit XML messaging capabilities to read arbitrary files on the server. This could lead to exposure of sensitive data if not mitigated. The flaw arises from a misconfiguration in flex-messaging-core.jar, affecting several versions prior to their respective patches. Organizations using these versions should apply updates to protect against potential data breaches.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=145706712500978&w=2

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/76394

vdb-entryx_refsource_BID

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2015
Vulnerability Reserved
Apr 10, 2015