Unrated severityNVD Advisory· Published Aug 25, 2015· Updated May 6, 2026

CVE-2015-3269

Description

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/livecycleds/apsb15-20.htmlnvdPatchVendor Advisory
marc.infonvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
www.securityfocus.com/archive/1/536266/100/0/threadednvd
www.securityfocus.com/bid/76394nvd
www.securitytracker.com/id/1033337nvd
www.vmware.com/security/advisories/VMSA-2015-0008.htmlnvd
helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.htmlnvd
www.zerodayinitiative.com/advisories/ZDI-22-508/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000