Vulnerability Name:

CVE-2011-2092 (CCN-68030)

Assigned: 2011-06-14
Published: 2011-06-14
Updated: 2011-09-07
Summary: Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2011-2092

Source: CCN
Type: HP Security Bulletin HPSBMU02769 SSRT100846
HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, and Other Vulnerabilities

Source: CCN
Type: SA44938
GraniteDS AMF3 Object Deserialization Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb11-15.html

Source: CCN
Type: Granite Data Services Web site
Granite Data Services 2.2.1 GA Released

Source: CCN
Type: OSVDB ID: 73008
Adobe LiveCycle / BlazeDS Unrestricted Class Creation AMF/AMFX Deserialization Arbitrary Code Execution

Source: CCN
Type: BID-48279
BlazeDS and GraniteDS AMF/AMFX Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1025656

Source: SECTRACK
Type: UNKNOWN
1025657

Source: XF
Type: UNKNOWN
graniteds-amf-code-execution(68030)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:adobe:blazeds:*:*:*:*:*:*:*:* (Version <= 4.0.1)

Configuration 2:
  • cpe:/a:adobe:livecycle_data_services:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle_data_services:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle_data_services:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle_data_services:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle_data_services:3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle_data_services:*:*:*:*:*:*:*:* (Version <= 3.1)

Configuration 3:
  • cpe:/a:adobe:livecycle:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle:8.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle:8.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle:8.2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:livecycle:*:*:*:*:*:*:*:* (Version <= 9.0.0.2)

Configuration CCN 1:
  • cpe:/a:hp:systems_insight_manager:4.2:sp1:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:4.2:sp2:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:sp5:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.3:update_1:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:6.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    adobe blazeds *
    adobe livecycle data services 2.5
    adobe livecycle data services 2.5.1
    adobe livecycle data services 2.6
    adobe livecycle data services 2.6.1
    adobe livecycle data services 3
    adobe livecycle data services *
    adobe livecycle 6.0
    adobe livecycle 7.0
    adobe livecycle 8.0.1
    adobe livecycle 8.0.1.1
    adobe livecycle 8.0.1.2
    adobe livecycle 8.2.1.3
    adobe livecycle *
    hp systems insight manager 4.2 sp1
    hp systems insight manager 4.2 sp2
    hp systems insight manager 5.0 sp1
    hp systems insight manager 5.0 sp2
    hp systems insight manager 5.0 sp3
    hp systems insight manager 5.0 sp5
    hp systems insight manager 4.0
    hp systems insight manager 5.0
    hp systems insight manager 5.3
    hp systems insight manager 5.3 update_1
    hp systems insight manager 6.0
    hp systems insight manager 6.1
    hp systems insight manager 6.2
    hp systems insight manager 6.3