CVE-2011-2092

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

Published: Jun 17, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2092
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
adobe / blazeds	-	4.0.1.x
adobe / livecycle_data_services	2.6	2.6.x
adobe / livecycle_data_services	3	3.x
adobe / livecycle_data_services	-	3.1.x
adobe / livecycle_data_services	2.5	2.5.x
adobe / livecycle_data_services	2.6.1	2.6.1.x
adobe / livecycle_data_services	2.5.1	2.5.1.x
adobe / livecycle	7.0	7.0.x
adobe / livecycle	8.2.1.3	8.2.1.3.x
adobe / livecycle	8.0.1.1	8.0.1.1.x
adobe / livecycle	-	9.0.0.2.x
adobe / livecycle	8.0.1.2	8.0.1.2.x
adobe / livecycle	6.0	6.0.x
adobe / livecycle	8.0.1	8.0.1.x

Vulnerability Database

289,784

CVE-2011-2092