Adobe patches flaw in LiveCycle Data Services

News by Doug Olenick

Adobe released a hotfix for LiveCycle Data Services, patching a vulnerability that could result in information being disclosed.

A hotfix released by Adobe on Tuesday addresses a vulnerability (CVE-2015-3269) in LiveCycle Data Services that could lead to information being disclosed.

The updated versions are 4.7.0.354169, 4.6.2.354169, 4.5.1.354169, and 3.0.0.354170 for Windows, Macintosh and Unix. Adobe rates the fix as a priority 3 update, which means the company recommends administrators install the update at their discretion. Priority 1 and 2 rated patches require faster action.

The vulnerability is associated with parsing crafted XML entities, which could lead to information being disclosed, Adobe said on its site.

“We are not currently aware of any reports of this vulnerability being exploited,” Adobe spokesperson Erika Strong told SCMagazine.com Tuesday in an email correspondence. “This issue was responsibly disclosed to Adobe.”

Adobe credited Matthias Kaiser of Code White for bringing the issue to the company's attention.

Topics:
Security

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike