Lucene search

AdobeCVE-2022-42340

HistoryOct 14, 2022 - 8:15 p.m.

CVE-2022-42340

2022-10-1420:15:17

CWE-20

adobe

web.nvd.nist.gov

cve-2022-42340

adobe coldfusion

update 14

update 4

improper input validation

vulnerability

file system read

exploitation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

69.8%

JSON

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.

Affected configurations

Nvd

Node

adobecoldfusionMatch2018-

adobecoldfusionMatch2018update1

adobecoldfusionMatch2018update10

adobecoldfusionMatch2018update11

adobecoldfusionMatch2018update12

adobecoldfusionMatch2018update13

adobecoldfusionMatch2018update14

adobecoldfusionMatch2018update2

adobecoldfusionMatch2018update3

adobecoldfusionMatch2018update4

adobecoldfusionMatch2018update5

adobecoldfusionMatch2018update6

adobecoldfusionMatch2018update7

adobecoldfusionMatch2018update8

adobecoldfusionMatch2018update9

adobecoldfusionMatch2021-

adobecoldfusionMatch2021update1

adobecoldfusionMatch2021update2

adobecoldfusionMatch2021update3

adobecoldfusionMatch2021update4

VendorProductVersionCPE
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*
adobecoldfusion2018cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:-::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update1::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update10::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update11::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update12::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update13::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update14::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update2::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update3::::::
adobe	coldfusion	2018	cpe:2.3:a:adobe:coldfusion:2018:update4::::::

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "ColdFusion",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2021U4",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2018u14",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]