9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.516 Medium
EPSS
Percentile
97.2%
Adobe ColdFusion in 2017 9 November 12 released a network security update in refer to the previous version, there is a serious deserialization flaws vulnerability bug(CVE-2017-11283, CVE-2017-11284, and may incur long-distance code to fulfill. When applying the Flex integration-do on Remote Adobe LiveCycle Data Management access can be a case were the flaws vulnerability bug impact, the application of the effect will open the RMI-do, the listening port is 1099’s. ColdFusion comes with the Java version is too low, not in the deserialization of the previous RMI begging the tools in the examples to stop the inspection.
360CERT Britain at the end elucidating the verification, confirm the flaws vulnerability bug exact, coherent user as soon as possible to stop the update disposal.
0x01 impact version
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.516 Medium
EPSS
Percentile
97.2%