Vulnerability Description
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Business Service Management | <= 9.26 |
| Adobe | Livecycle Data Services | 3.0 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=145706712500978&w=2Third Party Advisory
- http://www.securityfocus.com/archive/1/536266/100/0/threaded
- http://www.securityfocus.com/bid/76394
- http://www.securitytracker.com/id/1033337
- http://www.vmware.com/security/advisories/VMSA-2015-0008.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cThird Party Advisory
- https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.h
- https://helpx.adobe.com/security/products/livecycleds/apsb15-20.htmlPatchVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-22-508/
- http://marc.info/?l=bugtraq&m=145706712500978&w=2Third Party Advisory
- http://www.securityfocus.com/archive/1/536266/100/0/threaded
- http://www.securityfocus.com/bid/76394
- http://www.securitytracker.com/id/1033337
- http://www.vmware.com/security/advisories/VMSA-2015-0008.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cThird Party Advisory
FAQ
What is CVE-2015-3269?
CVE-2015-3269 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.3541...
How severe is CVE-2015-3269?
CVE-2015-3269 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3269?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Business Service Management, Adobe Livecycle Data Services.