Lucene search

AdobeCVE-2014-0570

HistoryOct 15, 2014 - 10:55 a.m.

CVE-2014-0570

2014-10-1510:55:06

CWE-352

adobe

web.nvd.nist.gov

cve-2014-0570

csrf

adobe coldfusion

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

45.5%

JSON

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Affected configurations

Nvd

Node

adobecoldfusionMatch9.0

adobecoldfusionMatch9.0update_10

adobecoldfusionMatch9.0update_12

adobecoldfusionMatch9.0.1

adobecoldfusionMatch9.0.1update_11

adobecoldfusionMatch9.0.1update_9

adobecoldfusionMatch9.0.2

adobecoldfusionMatch9.0.2update_4

adobecoldfusionMatch9.0.2update_6

adobecoldfusionMatch10.0

adobecoldfusionMatch10.0update1

adobecoldfusionMatch10.0update11

adobecoldfusionMatch10.0update12

adobecoldfusionMatch10.0update2

adobecoldfusionMatch10.0update3

adobecoldfusionMatch10.0update4

adobecoldfusionMatch10.0update8

adobecoldfusionMatch11.0

VendorProductVersionCPE
adobecoldfusion9.0cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
adobecoldfusion9.0cpe:2.3:a:adobe:coldfusion:9.0:update_10:*:*:*:*:*:*
adobecoldfusion9.0cpe:2.3:a:adobe:coldfusion:9.0:update_12:*:*:*:*:*:*
adobecoldfusion9.0.1cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*
adobecoldfusion9.0.1cpe:2.3:a:adobe:coldfusion:9.0.1:update_11:*:*:*:*:*:*
adobecoldfusion9.0.1cpe:2.3:a:adobe:coldfusion:9.0.1:update_9:*:*:*:*:*:*
adobecoldfusion9.0.2cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*
adobecoldfusion9.0.2cpe:2.3:a:adobe:coldfusion:9.0.2:update_4:*:*:*:*:*:*
adobecoldfusion9.0.2cpe:2.3:a:adobe:coldfusion:9.0.2:update_6:*:*:*:*:*:*
adobecoldfusion10.0cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	coldfusion	9.0	cpe:2.3:a:adobe:coldfusion:9.0:::::::*
adobe	coldfusion	9.0	cpe:2.3:a:adobe:coldfusion:9.0:update_10::::::
adobe	coldfusion	9.0	cpe:2.3:a:adobe:coldfusion:9.0:update_12::::::
adobe	coldfusion	9.0.1	cpe:2.3:a:adobe:coldfusion:9.0.1:::::::*
adobe	coldfusion	9.0.1	cpe:2.3:a:adobe:coldfusion:9.0.1:update_11::::::
adobe	coldfusion	9.0.1	cpe:2.3:a:adobe:coldfusion:9.0.1:update_9::::::
adobe	coldfusion	9.0.2	cpe:2.3:a:adobe:coldfusion:9.0.2:::::::*
adobe	coldfusion	9.0.2	cpe:2.3:a:adobe:coldfusion:9.0.2:update_4::::::
adobe	coldfusion	9.0.2	cpe:2.3:a:adobe:coldfusion:9.0.2:update_6::::::
adobe	coldfusion	10.0	cpe:2.3:a:adobe:coldfusion:10.0:::::::*

Rows per page:

1-10 of 181

References

helpx.adobe.com/security/products/coldfusion/apsb14-23.html

www.securitytracker.com/id/1031020

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

45.5%

JSON

Related for CVE-2014-0570