CVE-2011-2092

CVE Database · CVE-2011-2092

CVE-2011-2092

· N/AModified

CVSS v3.1

N/A

EPSS

6.06%

Published

Jun 16, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

Weaknesses (CWE)

CWE-20

Affected Products (14)

adobe · blazedsvulnerable

adobe · livecycle_data_servicesvulnerable

adobe · livecyclevulnerable

References (6)

http://www.adobe.com/support/security/bulletins/apsb11-15.html

PatchVendor Advisory

http://www.securitytracker.com/id?1025656

http://www.securitytracker.com/id?1025657

http://www.adobe.com/support/security/bulletins/apsb11-15.html

PatchVendor Advisory

http://www.securitytracker.com/id?1025656

http://www.securitytracker.com/id?1025657

KEV Catalog EPSS Scores Vendors All CVEs