CVE-2022-38420 Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service

🗓️ 14 Oct 2022 19:42:56Reported by adobeType

Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service

Reporter	Title	Published	Views	Family All 14
BDU FSTEC	The vulnerability of the ColdFusion software platform, related to the use of pre-installed credentials, allows a hacker to trigger a service failure.	11 Mar 202300:00	–	bdu_fstec
Circl	CVE-2022-38420	15 Oct 202200:29	–	circl
CNNVD	Adobe ColdFusion 信任管理问题漏洞	12 Oct 202200:00	–	cnnvd
CNVD	Adobe ColdFusion trust management issue vulnerability	14 Oct 202200:00	–	cnvd
Tenable Nessus	Adobe ColdFusion < 2018.x < 2018u15 / 2021.x < 2021u5 Multiple Vulnerabilities (APSB22-44)	13 Oct 202200:00	–	nessus
Check Point Advisories	Adobe ColdFusion Authentication Bypass (APSB22-44: CVE-2022-38420)	13 Oct 202200:00	–	checkpoint_advisories
CVE	CVE-2022-38420	14 Oct 202219:42	–	cve
EUVD	EUVD-2022-41005	14 Oct 202219:42	–	euvd
NCSC	Vulnerabilities fixed in Adobe products	12 Oct 202200:00	–	ncsc
NVD	CVE-2022-38420	14 Oct 202220:15	–	nvd

[
  {
    "vendor": "Adobe",
    "product": "ColdFusion",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2021U4",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2018u14",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
helpx	www.helpx.adobe.com/security/products/coldfusion/apsb22-44.html

14 Oct 2022 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 3.17.5

EPSS0.00963

CWE-798