Description
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
Remediation
References
http://www.adobe.com/support/security/bulletins/apsb11-15.html
http://www.securitytracker.com/id?1025656
http://www.securitytracker.com/id?1025657
Related Vulnerabilities
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_3
CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_sjs1_2.13
CVE-2020-7660 Vulnerability in npm package serialize-javascript
CVE-2023-24998 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2017-18640 Vulnerability in maven package org.yaml:snakeyaml