VMware has warned users of its vCenter, vCloud Director and Horizon products that they need to patch a flaw in Flex BlazeDS. The flaw, CVE-2015-3269, means Apache Flex BlazeDS “allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.” The Apache software creates problems when “used in flex-messaging-core.jar in Adobe LiveCycle Data Services”. The CVE notice we’ve linked to above explains the many versions of the Adobe software that have the problem.
ORIGINAL SOURCE: The Register