CVE-2015-3269

CVE Database · CVE-2015-3269

CVE-2015-3269

· N/AModified

CVSS v3.1

N/A

EPSS

9.54%

Published

Aug 24, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Weaknesses (CWE)

CWE-200

Affected Products (5)

hp · business_service_managementvulnerable

adobe · livecycle_data_servicesvulnerable

References (18)

http://marc.info/?l=bugtraq&m=145706712500978&w=2

Third Party Advisory

http://www.securityfocus.com/archive/1/536266/100/0/threaded

http://www.securityfocus.com/bid/76394

http://www.securitytracker.com/id/1033337

http://www.vmware.com/security/advisories/VMSA-2015-0008.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202

Third Party Advisory

https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html

https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs