VYPR

Livecycle

by Adobe Inc.

CVEs (6)

  • CVE-2009-3960MedKEVFeb 15, 2010
    risk 0.70cvss 6.5epss 0.90

    Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via…

  • CVE-2016-6934MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.03

    Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.

  • CVE-2016-6933MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.

  • CVE-2023-28500Apr 6, 2023
    risk 0.02cvss epss 0.01

    A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version…

  • CVE-2011-2093Jun 16, 2011
    risk 0.00cvss epss 0.04

    Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."

  • CVE-2011-2092Jun 16, 2011
    risk 0.00cvss epss 0.06

    Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors,…