Lucene search

[email protected]CVE-2022-38421

HistoryOct 14, 2022 - 8:15 p.m.

CVE-2022-38421

2022-10-1420:15:13

CWE-22

[email protected]

web.nvd.nist.gov

adobe

coldfusion

cve-2022-38421

path traversal

security

nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

66.3%

JSON

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges.

Affected configurations

NVD

Node

adobecoldfusionMatch2018-

adobecoldfusionMatch2018update1

adobecoldfusionMatch2018update10

adobecoldfusionMatch2018update11

adobecoldfusionMatch2018update12

adobecoldfusionMatch2018update13

adobecoldfusionMatch2018update14

adobecoldfusionMatch2018update2

adobecoldfusionMatch2018update3

adobecoldfusionMatch2018update4

adobecoldfusionMatch2018update5

adobecoldfusionMatch2018update6

adobecoldfusionMatch2018update7

adobecoldfusionMatch2018update8

adobecoldfusionMatch2018update9

adobecoldfusionMatch2021-

adobecoldfusionMatch2021update1

adobecoldfusionMatch2021update2

adobecoldfusionMatch2021update3

adobecoldfusionMatch2021update4

CPENameOperatorVersion
adobe:coldfusionadobe coldfusioneq2018
adobe:coldfusionadobe coldfusioneq2021

CPE	Name	Operator	Version
adobe:coldfusion	adobe coldfusion	eq	2018
adobe:coldfusion	adobe coldfusion	eq	2021

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "ColdFusion",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2021U4",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2018u14",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]