VYPR

Flex Blazeds

by Apache

Source repositories

CVEs (3)

  • CVE-2017-5641CriDec 28, 2017
    risk 0.58cvss 9.8epss 0.21

    Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types…

  • CVE-2015-3269Aug 25, 2015
    risk 0.01cvss epss 0.10

    Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an…

  • CVE-2015-5255Nov 18, 2015
    risk 0.00cvss epss 0.04

    Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to…