CVE-2009-3960
KEV
🔴 Patch now
An unspecified vulnerability in BlazeDS allows remote attackers to obtain sensitive information.
CVSS
6.5
EPSS
90.4%
Exploit
weaponized
Vendor
adobe
Source description (NVD)
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 6.5 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (probability of exploitation) | 90.4% |
| Published (NVD) | 2010-02-15 18:30:00 UTC |
| Last modified (NVD) | 2026-04-21 21:12:29 UTC |
References
- http://secunia.com/advisories/38543 (psirt@adobe.com) [Broken Link]
- http://securitytracker.com/id?1023584 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.adobe.com/support/security/bulletins/apsb10-05.html (psirt@adobe.com) [Not Applicable, Vendor Advisory]
- http://www.osvdb.org/62292 (psirt@adobe.com) [Broken Link]
- http://www.securityfocus.com/bid/38197 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/41855/ (psirt@adobe.com) [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3960 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]