CVE-2015-3269: Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability

First published: Tue Aug 25 2015(Updated: )

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• collector/mitre-cve
• source/MITRE
• agent/remedy
• agent/last-modified-date
• agent/author
• agent/title
• agent/references
• agent/severity
• agent/weakness
• agent/description
• agent/first-publish-date
• agent/tags
• agent/softwarecombine
• agent/event
• collector/zdi-advisory
• source/ZDI
• alias/ZDI-22-508
• alias/ZDI-CAN-15192
• alias/CVE-2015-3269
• agent/software-canonical-lookup
• vendor/hp
• canonical/hp business service management
• version/hp business service management/9.26
• vendor/adobe
• canonical/adobe livecycle data services
• version/adobe livecycle data services/3.0
• version/adobe livecycle data services/4.5
• version/adobe livecycle data services/4.6
• version/adobe livecycle data services/4.7
• vendor/cisco
• canonical/cisco nexus dashboard fabric controller