Lucene search

[email protected]CVE-2017-3008

HistoryApr 27, 2017 - 2:59 p.m.

CVE-2017-3008

2017-04-2714:59:00

CWE-79

[email protected]

web.nvd.nist.gov

adobe

coldfusion

2016

update

cross-site scripting

vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

8.8 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.

CPENameOperatorVersion
adobe:coldfusionadobe coldfusioneq2016
adobe:coldfusionadobe coldfusioneq11.0
adobe:coldfusionadobe coldfusioneq10.0

CPE	Name	Operator	Version
adobe:coldfusion	adobe coldfusion	eq	2016
adobe:coldfusion	adobe coldfusion	eq	11.0
adobe:coldfusion	adobe coldfusion	eq	10.0

References

www.securityfocus.com/bid/98002

www.securitytracker.com/id/1038364

helpx.adobe.com/security/products/coldfusion/apsb17-14.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

8.8 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVE-2017-3008

prion1 cvelist1 threatpost1 nessus1 openvas1 adobe1