10 matches found
CVE-2023-26347
Adobe ColdFusion is affected by an Improper Access Control vulnerability (CVE-2023-26347) in versions 2023.5 and earlier and 2021.11 and earlier, enabling unauthenticated attackers to reach the administration CFM/CFC endpoints without user interaction. The issue is a security feature bypass via a...
CVE-2023-44352
Adobe ColdFusion: Reflective XSS affecting 2023.5 (and earlier) and 2021.11 (and earlier). An unauthenticated user can lure a victim to a crafted URL that executes malicious JavaScript in the browser, potentially compromising session data. Affected component is the web interface that handles the ...
CVE-2023-44353
CVE-2023-44353 affects Adobe ColdFusion versions 2023.5 and earlier, and 2021.11 and earlier, due to a Deserialization of Untrusted Data vulnerability (WDDX) that could lead to arbitrary code execution without user interaction. Connected sources confirm the issue is a deserialization gadget class...
CVE-2023-44351
CVE-2023-44351 affects Adobe ColdFusion: Deserialization of Untrusted Data leading to Arbitrary Code Execution. Affected products/versions include ColdFusion 2023.5 and earlier and 2021.11 and earlier; exploitation does not require user interaction and is rated CRITICAL (CVSSv3.1: 9.8). The vulne...
CVE-2023-44350
Adobe ColdFusion is affected by a Deserialization of Untrusted Data vulnerability (CWE-502) that can lead to Arbitrary Code Execution without user interaction. Affected products include ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier). The root cause is deserialization of untrus...
CVE-2023-44355
Adobe ColdFusion is affected by CVE-2023-44355 (Improper Input Validation) across ColdFusion 2023.5 and earlier and 2021.11 and earlier. The issue can allow an unauthenticated attacker to bypass a security feature and impact a minor integrity aspect, with exploitation requiring user interaction. ...
CVE-2022-28818
CVE-2022-28818 is a reflected Cross‑Site Scripting vulnerability affecting Adobe ColdFusion 2021 (CF2021U3 and earlier) and ColdFusion 2018 (CF2018U13). The issue arises from improper handling of user-supplied input in vulnerable pages, allowing malicious JavaScript to execute in a victim’s brows...
CVE-2021-40699
CVE-2021-40699 affects Adobe ColdFusion 2021 update 1 and earlier and ColdFusion 2018.10 and earlier. The issue is an improper access control in the CFIDE path that could let an authenticated attacker access and manipulate arbitrary data in the environment. The vulnerability is mapped to a high s...
CVE-2021-40698
CVE-2021-40698 affects Adobe ColdFusion 2021 update 1 and earlier, and 2018.10 and earlier. Root cause: use of an inherently dangerous function leading to a security feature bypass. Impact: an authenticated attacker could access and manipulate arbitrary data in the environment. Mitigation: apply ...
CVE-2011-0733
CVE-2011-0733 is an XSS vulnerability in Adobe ColdFusion prior to 9.0.1 CHF1. An attacker can inject arbitrary script/HTML via the User-Agent HTTP header when issuing an id=- query to a .cfm file. Root cause details are not provided beyond the description; affected software is Adobe ColdFusion b...