Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
2011-06-16T23:55:01.557
2025-04-11T00:51:21.963
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | adobe | blazeds | ≤ 4.0.1 | Yes |
| Application | adobe | livecycle_data_services | ≤ 3.1 | Yes |
| Application | adobe | livecycle_data_services | 2.5 | Yes |
| Application | adobe | livecycle_data_services | 2.5.1 | Yes |
| Application | adobe | livecycle_data_services | 2.6 | Yes |
| Application | adobe | livecycle_data_services | 2.6.1 | Yes |
| Application | adobe | livecycle_data_services | 3 | Yes |
| Application | adobe | livecycle | ≤ 9.0.0.2 | Yes |
| Application | adobe | livecycle | 6.0 | Yes |
| Application | adobe | livecycle | 7.0 | Yes |
| Application | adobe | livecycle | 8.0.1 | Yes |
| Application | adobe | livecycle | 8.0.1.1 | Yes |
| Application | adobe | livecycle | 8.0.1.2 | Yes |
| Application | adobe | livecycle | 8.2.1.3 | Yes |