8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
0.952 High
EPSS
Percentile
99.4%
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
[
{
"vendor": "Adobe",
"product": "ColdFusion",
"versions": [
{
"version": "unspecified",
"lessThanOrEqual": "CF2018U15",
"status": "affected",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThanOrEqual": "CF2021U5",
"status": "affected",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThanOrEqual": "None",
"status": "affected",
"versionType": "custom"
}
]
}
]