Vulnerability Name:

CVE-2011-2461 (CCN-71580)

Assigned: 2011-11-30
Published: 2011-11-30
Updated: 2017-11-09
Summary: Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:

Source: MISC
Type: UNKNOWN
http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html

Source: MISC
Type: UNKNOWN
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html

Source: MITRE
Type: CNA
CVE-2011-2461

Source: CCN
Type: HP Security Bulletin HPSBMU02769 SSRT100846
HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, and Other Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://kb2.adobe.com/cps/915/cpsid_91544.html

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html

Source: CCN
Type: SA47053
Adobe Flex Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: UNKNOWN
47053

Source: CCN
Type: Adobe Product Security Bulletin APSB11-25
Security update available for Flex SDK

Source: CONFIRM
Type: Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb11-25.html

Source: CCN
Type: OSVDB ID: 77425
Adobe Flex SDK SWF File Unspecified XSS

Source: CCN
Type: BID-50869
Adobe Flex SDK CVE-2011-2461 Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
adobe-flex-modules-xss(71580)

Source: MISC
Type: UNKNOWN
https://threatpost.com/adobe-cve-2011-2461-remains-exploitable-four-years-after-patch/111754

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:adobe:flex_sdk:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:4.5.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:hp:systems_insight_manager:4.2:sp1:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:4.2:sp2:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:sp5:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:5.3:update_1:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex:_sdk:3.0.1:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex:_sdk:3.1:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex:_sdk:3.2:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex:_sdk:3.3:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:3.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:systems_insight_manager:6.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    adobe flex sdk 3.0
    adobe flex sdk 3.0.1
    adobe flex sdk 3.1
    adobe flex sdk 3.2
    adobe flex sdk 3.3
    adobe flex sdk 3.4
    adobe flex sdk 3.4.1
    adobe flex sdk 3.5
    adobe flex sdk 3.5a
    adobe flex sdk 3.6
    adobe flex sdk 4.0
    adobe flex sdk 4.1
    adobe flex sdk 4.5
    adobe flex sdk 4.5.1
    hp systems insight manager 4.2 sp1
    hp systems insight manager 4.2 sp2
    hp systems insight manager 5.0 sp1
    hp systems insight manager 5.0 sp2
    hp systems insight manager 5.0 sp3
    hp systems insight manager 5.0 sp5
    hp systems insight manager 4.0
    hp systems insight manager 5.0
    hp systems insight manager 5.3
    hp systems insight manager 5.3 update_1
    hp systems insight manager 6.0
    hp systems insight manager 6.1
    adobe flex sdk 3.0
    adobe flex _sdk 3.0.1
    adobe flex _sdk 3.1
    adobe flex _sdk 3.2
    adobe flex _sdk 3.3
    adobe flex sdk 3.4
    adobe flex sdk 3.4.1
    adobe flex sdk 3.5
    adobe flex sdk 3.5a
    adobe flex sdk 3.6
    adobe flex sdk 4.0
    adobe flex sdk 4.1
    adobe flex sdk 4.5
    adobe flex sdk 4.5.1
    hp systems insight manager 6.2
    hp systems insight manager 6.3