Product
Last updated on
Feb 15, 2022
Security Hotfix Available for LiveCycle Data Services
Release date: August 18, 2015
Last updated: August 28, 2015
Vulnerability identifier: APSB15-20
Priority: See table below
CVE number: CVE-2015-3269
Platform: All Platforms
Summary
Adobe has released a security hotfix for LiveCycle Data Services. This hotfix addresses an important vulnerability that could result in information disclosure. Adobe recommends users apply the available patch using the instructions provided in the "Solution" section below.
Affected Versions
|
|
Affected Versions |
Platform |
|
LiveCycle Data Services |
4.7, 4.6.2, 4.5, 3.1.x, 3.0.x |
Windows, Macintosh and Unix |
Solution
Adobe categorizes this hotfix with the following priority rating and recommends users apply the relevant patch available below using the instructions provided in this KB article:
Patches
|
Version |
File Contents |
Checksum (SHA1) |
|
4.7.0.354169 |
flex-messaging-core.jar |
13913aeeab44cca926311d69beab7144acd5cd69 |
|
|
|
|
|
4.6.2.354169 |
flex-messaging-core.jar |
13913aeeab44cca926311d69beab7144acd5cd69 |
|
|
|
|
|
4.5.1.354169 |
flex-messaging-core.jar |
1a7caded7b92da7f7a339b4708a70a6bc0c38a0c |
|
|
|
|
|
3.1.0.354173 |
flex-messaging-core.jar |
0b6e26f5f7a70c524bdd56642a2a3201dc0a3687 |
|
|
|
|
|
3.0.0.354170 |
flex-messaging-core.jar |
0b6e26f5f7a70c524bdd56642a2a3201dc0a3687 |
Vulnerability Details
This hotfix resolves an issue associated with parsing crafted XML entities that could lead to information disclosure (CVE-2015-3269).
Acknowledgments
Adobe would like to thank Matthias Kaiser of Code White for reporting this issue and for working with Adobe to help protect our customers.
Revisions
August 28, 2015: Added 3.1.x to the list of affected versions as well as added the updated jar for version 3.1.0.354173.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online