Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistAdobeCVELIST:CVE-2022-42340
HistoryOct 14, 2022 - 7:42 p.m.

CVE-2022-42340 Adobe ColdFusion Improper Input Validation Arbitrary file system read

2022-10-1419:42:57
CWE-20
adobe
www.cve.org
4
adobe coldfusion
update 14
input validation
vulnerability
arbitrary file system read
exploitation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "ColdFusion",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2021U4",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "CF2018u14",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Related

checkpoint_advisories 1
prion 1
nvd 1
cnvd 1
cve 1
nessus 1
adobe 1
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion Improper Input Validation (APSB22-44: CVE-2022-42340)
2022-10-13 00:00:00
prion
prion
Input validation
2022-10-14 20:15:00
nvd
nvd
CVE-2022-42340
2022-10-14 20:15:17
cnvd
cnvd
Adobe ColdFusion input validation error vulnerability
2022-10-14 00:00:00
cve
cve
CVE-2022-42340
2022-10-14 20:15:17
nessus
nessus
Adobe ColdFusion < 2018.x < 2018u15 / 2021.x < 2021u5 Multiple Vulnerabilities (APSB22-44)
2022-10-13 00:00:00
adobe
adobe
APSB22-44: Security updates available for ColdFusion
2022-10-11 00:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON
Related for CVELIST:CVE-2022-42340
checkpoint_advisories1prion1nvd1cnvd1cve1nessus1adobe1