CVE-2009-3960

6.5 MEDIUM CISA KEV - Actively Exploited
Published: February 15, 2010 Modified: October 22, 2025
View on NVD

Description

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/38543
Source: psirt@adobe.com
Broken Link
http://securitytracker.com/id?1023584
Source: psirt@adobe.com
Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/security/bulletins/apsb10-05.html
Source: psirt@adobe.com
Not Applicable Vendor Advisory
http://www.osvdb.org/62292
Source: psirt@adobe.com
Broken Link
http://www.securityfocus.com/bid/38197
Source: psirt@adobe.com
Broken Link Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41855/
Source: psirt@adobe.com
Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/38543
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://securitytracker.com/id?1023584
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/security/bulletins/apsb10-05.html
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Vendor Advisory
http://www.osvdb.org/62292
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/38197
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41855/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3960
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

13 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.5 / 10.0
EPSS (Exploit Probability)
88.7%
99th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-09-07

Affected Vendors

adobe