Unrated severityNVD Advisory· Published Jun 16, 2011· Updated Jun 16, 2026
CVE-2011-2092
CVE-2011-2092
Description
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
Affected products
17cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*range: <=4.0.1
- (no CPE)range: <=4.0.1
cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*range: <=9.0.0.2
- cpe:2.3:a:adobe:livecycle:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*
- (no CPE)range: <=9.0.0.2
cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*range: <=3.1
- cpe:2.3:a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*
- (no CPE)range: <=3.1
Patches
Vulnerability mechanics
References
3- www.adobe.com/support/security/bulletins/apsb11-15.htmlnvdPatchVendor Advisory
- www.securitytracker.com/idnvd
- www.securitytracker.com/idnvd
News mentions
0No linked articles in our index yet.