CISA KEV 정보
| 취약점명 | Adobe BlazeDS Information Disclosure Vulnerability |
|---|---|
| 설명 | Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Known |
| 등록일 (KEV) | 2022-03-07 |
| 조치 기한 | 2022-09-07 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2009-3960 |
NVD 상세 정보
CVSS v3.1: 6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVSS v2.0: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N설명: Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
참조
- http://secunia.com/advisories/38543 [Broken Link]
- http://securitytracker.com/id?1023584 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.adobe.com/support/security/bulletins/apsb10-05.html [Not Applicable, Vendor Advisory]
- http://www.osvdb.org/62292 [Broken Link]
- http://www.securityfocus.com/bid/38197 [Broken Link, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/41855/ [Exploit, Third Party Advisory, VDB Entry]
- http://secunia.com/advisories/38543 [Broken Link]
- http://securitytracker.com/id?1023584 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.adobe.com/support/security/bulletins/apsb10-05.html [Not Applicable, Vendor Advisory]
- http://www.osvdb.org/62292 [Broken Link]
- http://www.securityfocus.com/bid/38197 [Broken Link, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/41855/ [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3960
This product uses the NVD API but is not endorsed or certified by the NVD.