Unrated severityNVD Advisory· Published Jun 16, 2011· Updated Apr 29, 2026

CVE-2011-2092

Description

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

Affected products

Adobe Inc./Blazeds
cpe:2.3:a:adobe:blazeds:*:*:*:*:*:*:*:*
Range: <=4.0.1
Adobe Inc./Livecycle7 versions
cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:adobe:livecycle:*:*:*:*:*:*:*:*range: <=9.0.0.2
- cpe:2.3:a:adobe:livecycle:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*
Adobe Inc./Livecycle Data Services6 versions
cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:adobe:livecycle_data_services:*:*:*:*:*:*:*:*range: <=3.1
- cpe:2.3:a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.adobe.com/support/security/bulletins/apsb11-15.htmlnvdPatchVendor Advisory
www.securitytracker.com/idnvd
www.securitytracker.com/idnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000