Adobe patches important flaw in LiveCycle Data Services

Adobe Systems released a security patch for LiveCycle Data Services, a development tool used by businesses to synchronize data between back-end servers and rich Internet applications built with Adobe Flex or AIR.

The hotfix is available for LiveCycle Data Services 3.0.0, 4.5.1, 4.6.2 and 4.7.0 and addresses a vulnerability that could lead to information disclosure.

The flaw is tracked as CVE-2015-3269 in the Common Vulnerabilities and Exposures database and is rated important by Adobe.

The issue is associated with parsing crafted XML entities and falls into a class of vulnerabilities known as XML External Entity (XXE).

To read this article in full or to leave a comment, please click here