Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2001-1514
HistoryOct 03, 2022 - 4:22 p.m.

CVE-2001-1514

2022-10-0316:22:33
[email protected]
web.nvd.nist.gov
20
coldfusion
cve-2001-1514
windows
security context failure
child processes
system account.

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to “operating system,” does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Affected configurations

NVD
Node
macromediacoldfusionMatch4.5
OR
macromediacoldfusionMatch5.0

Related

nvd 1
cvelist 1
nvd
nvd
CVE-2001-1514
2001-12-31 05:00:00
cvelist
cvelist
CVE-2001-1514
2022-10-03 16:22:33

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON
Related for CVE-2001-1514
nvd1cvelist1