7.7 High
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.5%
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
CPE | Name | Operator | Version |
---|---|---|---|
adobe:coldfusion | adobe coldfusion | eq | 7.0 |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=510
osvdb.org/34930
secunia.com/advisories/24850
www.adobe.com/support/security/bulletins/apsb07-08.html
www.securityfocus.com/bid/23405
www.securitytracker.com/id?1017899
www.vupen.com/english/advisories/2007/1341
exchange.xforce.ibmcloud.com/vulnerabilities/33571