CVE-2009-3960
MEDIUM | CISA KEV | 6.5
Description
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
CVE Details
CVSS v3.1 Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 2/15/2010
Last Modified: 4/21/2026
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Adobe
Product: BlazeDS
Vulnerability Name: Adobe BlazeDS Information Disclosure Vulnerability
KEV Date Added: 2022-03-07
Remediation Due Date: 2022-09-07
Ransomware Use: Known
Affected Products
adobe:blazeds
adobe:coldfusion
adobe:flex_data_services
adobe:livecycle
adobe:livecycle_data_services
References
http://secunia.com/advisories/38543 (psirt@adobe.com)
http://securitytracker.com/id?1023584 (psirt@adobe.com)
http://www.adobe.com/support/security/bulletins/apsb10-05.html (psirt@adobe.com)
http://www.osvdb.org/62292 (psirt@adobe.com)
http://www.securityfocus.com/bid/38197 (psirt@adobe.com)
https://www.exploit-db.com/exploits/41855/ (psirt@adobe.com)
http://secunia.com/advisories/38543 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023584 (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb10-05.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/62292 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/38197 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/41855/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3960 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.