Lucene search
K

10 matches found

CVE
CVE
added 2023/11/17 1:31 p.m.129 views

CVE-2023-26347

Adobe ColdFusion is affected by an Improper Access Control vulnerability (CVE-2023-26347) in versions 2023.5 and earlier and 2021.11 and earlier, enabling unauthenticated attackers to reach the administration CFM/CFC endpoints without user interaction. The issue is a security feature bypass via a...

7.5CVSS7.4AI score0.10072EPSS
CVE
CVE
added 2023/11/17 1:31 p.m.122 views

CVE-2023-44352

Adobe ColdFusion: Reflective XSS affecting 2023.5 (and earlier) and 2021.11 (and earlier). An unauthenticated user can lure a victim to a crafted URL that executes malicious JavaScript in the browser, potentially compromising session data. Affected component is the web interface that handles the ...

6.1CVSS5.9AI score0.84811EPSS
In wild
CVE
CVE
added 2023/11/17 1:31 p.m.112 views

CVE-2023-44353

CVE-2023-44353 affects Adobe ColdFusion versions 2023.5 and earlier, and 2021.11 and earlier, due to a Deserialization of Untrusted Data vulnerability (WDDX) that could lead to arbitrary code execution without user interaction. Connected sources confirm the issue is a deserialization gadget class...

9.8CVSS9.5AI score0.80178EPSS
In wild
CVE
CVE
added 2023/11/17 1:31 p.m.105 views

CVE-2023-44351

CVE-2023-44351 affects Adobe ColdFusion: Deserialization of Untrusted Data leading to Arbitrary Code Execution. Affected products/versions include ColdFusion 2023.5 and earlier and 2021.11 and earlier; exploitation does not require user interaction and is rated CRITICAL (CVSSv3.1: 9.8). The vulne...

9.8CVSS9.6AI score0.5016EPSS
CVE
CVE
added 2023/11/17 1:31 p.m.101 views

CVE-2023-44350

Adobe ColdFusion is affected by a Deserialization of Untrusted Data vulnerability (CWE-502) that can lead to Arbitrary Code Execution without user interaction. Affected products include ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier). The root cause is deserialization of untrus...

9.8CVSS9.6AI score0.64558EPSS
CVE
CVE
added 2023/11/17 1:31 p.m.91 views

CVE-2023-44355

Adobe ColdFusion is affected by CVE-2023-44355 (Improper Input Validation) across ColdFusion 2023.5 and earlier and 2021.11 and earlier. The issue can allow an unauthenticated attacker to bypass a security feature and impact a minor integrity aspect, with exploitation requiring user interaction. ...

4.3CVSS4.8AI score0.47169EPSS
CVE
CVE
added 2022/05/12 6:59 p.m.83 views

CVE-2022-28818

CVE-2022-28818 is a reflected Cross‑Site Scripting vulnerability affecting Adobe ColdFusion 2021 (CF2021U3 and earlier) and ColdFusion 2018 (CF2018U13). The issue arises from improper handling of user-supplied input in vulnerable pages, allowing malicious JavaScript to execute in a victim’s brows...

6.1CVSS5.7AI score0.43089EPSS
CVE
CVE
added 2023/09/07 12:54 p.m.68 views

CVE-2021-40699

CVE-2021-40699 affects Adobe ColdFusion 2021 update 1 and earlier and ColdFusion 2018.10 and earlier. The issue is an improper access control in the CFIDE path that could let an authenticated attacker access and manipulate arbitrary data in the environment. The vulnerability is mapped to a high s...

7.4CVSS7.1AI score0.00493EPSS
CVE
CVE
added 2023/09/07 12:54 p.m.54 views

CVE-2021-40698

CVE-2021-40698 affects Adobe ColdFusion 2021 update 1 and earlier, and 2018.10 and earlier. Root cause: use of an inherently dangerous function leading to a security feature bypass. Impact: an authenticated attacker could access and manipulate arbitrary data in the environment. Mitigation: apply ...

7.4CVSS7.2AI score0.00536EPSS
CVE
CVE
added 2011/02/01 5:0 p.m.42 views

CVE-2011-0733

CVE-2011-0733 is an XSS vulnerability in Adobe ColdFusion prior to 9.0.1 CHF1. An attacker can inject arbitrary script/HTML via the User-Agent HTTP header when issuing an id=- query to a .cfm file. Root cause details are not provided beyond the description; affected software is Adobe ColdFusion b...

4.3CVSS5.8AI score0.04085EPSS