Adobe BlazeDS is prone to an XML-injection vulnerability and an XML External Entity injection vulnerability.
Attackers can exploit these issues to obtain sensitive information and carry out other attacks.
Updates are available, please refer to the linked advisory.
The following applications are affected: BlazeDS 3.2 and earlier versions LiveCycle 9.0, 8.2.1, and 8.0.1 LiveCycle Data Services 3.0, 2.6.1, and 2.5.1 Flex Data Services 2.0.1 ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2
Send an modificated GET request and check the response