CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
45.5%
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | coldfusion | 9.0 | cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:* |
adobe | coldfusion | 9.0 | cpe:2.3:a:adobe:coldfusion:9.0:update_10:*:*:*:*:*:* |
adobe | coldfusion | 9.0 | cpe:2.3:a:adobe:coldfusion:9.0:update_12:*:*:*:*:*:* |
adobe | coldfusion | 9.0.1 | cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:* |
adobe | coldfusion | 9.0.1 | cpe:2.3:a:adobe:coldfusion:9.0.1:update_11:*:*:*:*:*:* |
adobe | coldfusion | 9.0.1 | cpe:2.3:a:adobe:coldfusion:9.0.1:update_9:*:*:*:*:*:* |
adobe | coldfusion | 9.0.2 | cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:* |
adobe | coldfusion | 9.0.2 | cpe:2.3:a:adobe:coldfusion:9.0.2:update_4:*:*:*:*:*:* |
adobe | coldfusion | 9.0.2 | cpe:2.3:a:adobe:coldfusion:9.0.2:update_6:*:*:*:*:*:* |
adobe | coldfusion | 10.0 | cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:* |