Lucene search
+L
AdobeColdfusion2016

42 matches found

cve
cve
added 2018/09/25 1:0 p.m.1117 views

CVE-2018-15961

CVE-2018-15961 affects Adobe ColdFusion 2018 (July 12 release 2018.0.0.310739) and Update 6 and earlier, and Update 14 and earlier. The vulnerability is an unrestricted file upload via CKEditor (upload.cfm) that could allow remote attackers to upload arbitrary files and execute code on the affect...

10CVSS9.5AI score0.9995EPSS
In wild
cve
cve
added 2018/05/19 5:0 p.m.950 views

CVE-2018-4939

Adobe ColdFusion is affected by CVE-2018-4939 due to a Deserialization of Untrusted Data vulnerability in Update 5 and earlier (and ColdFusion 11 Update 13 and earlier). The issue arises from insecure deserialization in the DataServicesCFProxy/integration flow, enabling arbitrary code execution u...

10CVSS9.5AI score0.63304EPSS
In wild
cve
cve
added 2017/04/27 2:0 p.m.274 views

CVE-2017-3066

CVE-2017-3066 is an Adobe ColdFusion deserialization vulnerability in the Apache BlazeDS library. Affected products include ColdFusion 2016 Update 3 and earlier, ColdFusion 11 Update 11 and earlier, and ColdFusion 10 Update 22 and earlier. The flaw stems from Java deserialization of BlazeDS objec...

10CVSS9.5AI score0.90597EPSS
In wildWeb
cve
cve
added 2021/04/15 1:54 p.m.145 views

CVE-2021-21087

Adobe ColdFusion is affected by CVE-2021-21087: an Improper Neutralization of Input During Web Page Generation (XSS) in CF2016 (before 2016u17), CF2018 (before 2018u11), and CF2021 (before 2021u1). The vulnerability allows an attacker to execute arbitrary JavaScript in the context of the current ...

5.4CVSS5.7AI score0.37095EPSS
In wild
cve
cve
added 2019/06/12 3:14 p.m.128 views

CVE-2019-7839

Adobe ColdFusion is affected by a command injection vulnerability (CVE-2019-7839) in Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier. Successful exploitation could result in arbitrary code execution. The issue is documented across multiple sources in 2019 advisories (e.g., ...

10CVSS9.7AI score0.44098EPSS
cve
cve
added 2017/12/01 8:0 a.m.103 views

CVE-2017-11283

CVE-2017-11283 is a Java deserialization flaw in Adobe ColdFusion's insecure handling of untrusted data (notably via DataServicesCFProxy). Affected: ColdFusion 2016 Update 4 and earlier; ColdFusion 11 Update 12 and earlier. The root cause is unsafe deserialization which could allow remote code ex...

9.8CVSS9.3AI score0.42721EPSS
cve
cve
added 2017/12/01 8:0 a.m.95 views

CVE-2017-11284

CVE-2017-11284 is an insecure deserialization vulnerability in Adobe ColdFusion. The root cause is lack of input validation in the RMI/Flex deserialization path, allowing remote code execution. Affected: ColdFusion 2016 Update 4 and earlier; ColdFusion 11 Update 12 and earlier. Impact (as stated)...

9.8CVSS9.4AI score0.42721EPSS
cve
cve
added 2019/06/12 3:13 p.m.94 views

CVE-2019-7838

Adobe ColdFusion prior to updates 11.x/2016.x/2018.x are vulnerable to CVE-2019-7838 due to a file extension blacklist bypass, enabling arbitrary code execution on successful exploitation. The Red Hat/NVD/Nessus entries confirm the same issue and indicate remediation by updating to affected patch...

10CVSS9.5AI score0.17447EPSS
cve
cve
added 2019/06/12 3:14 p.m.87 views

CVE-2019-7840

CVE-2019-7840 affects Adobe ColdFusion. The vulnerability is caused by deserialization of untrusted data in ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier, with the potential for arbitrary code execution on successful exploitation (impact: high). Public...

10CVSS9.6AI score0.17222EPSS
cve
cve
added 2020/07/17 12:1 a.m.83 views

CVE-2020-9673

CVE-2020-9673 affects Adobe ColdFusion 2016 (Update 15 and earlier) and ColdFusion 2018 (Update 9 and earlier) due to a DLL search-order hijacking vulnerability that could enable privilege escalation. Public sources corroborate that patches are released under APSB20-43, with advisories noting upd...

7.8CVSS7.4AI score0.01045EPSS
cve
cve
added 2019/05/24 6:42 p.m.82 views

CVE-2019-7092

Adobe ColdFusion is affected by CVE-2019-7092 (XSS leading to information disclosure). The issue impacts ColdFusion 2018 (update 1 and earlier), 2016 (update 7 and earlier), and ColdFusion 11 (update 15 and earlier). The Root cause is cross-site scripting in the ColdFusion component. Remediation ...

6.1CVSS6.9AI score0.02391EPSS
cve
cve
added 2019/05/24 6:42 p.m.80 views

CVE-2019-7091

CVE-2019-7091 is an Adobe ColdFusion deserialization vulnerability (deserialization of untrusted data) that allows arbitrary code execution. Affected products, per connected documents, are ColdFusion 2018 Update 1 and earlier, ColdFusion 2016 Update 7 and earlier, and ColdFusion 11 Update 15 and ...

10CVSS9.6AI score0.25704EPSS
cve
cve
added 2019/09/27 3:19 p.m.80 views

CVE-2019-8073

The CVE-2019-8073 issue affects Adobe ColdFusion: ColdFusion 2018 Update 4 and earlier and ColdFusion 2016 Update 11 and earlier are vulnerable to a command-injection via a vulnerable component that could allow arbitrary code execution in the context of the current user. The vulnerability is addr...

10CVSS9.6AI score0.08252EPSS
cve
cve
added 2019/05/24 5:36 p.m.79 views

CVE-2019-7816

CVE-2019-7816 affects Adobe ColdFusion: Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier. The issue is a file upload restriction bypass that could allow arbitrary code execution on a vulnerable system. The vulnerability is described across multiple sources in the Connected do...

10CVSS9.6AI score0.67091EPSS
cve
cve
added 2017/12/01 8:0 a.m.76 views

CVE-2017-11285

CVE-2017-11285: Adobe ColdFusion XSS vulnerability in CFML processing. Affects ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier. Root cause is cross-site scripting due to improper input handling; exploitation leads to browser-script execution and potential information...

6.1CVSS7.2AI score0.02733EPSS
cve
cve
added 2018/09/25 1:0 p.m.73 views

CVE-2018-15957

CVE-2018-15957 affects Adobe ColdFusion (2018 July 12 release 2018.0.0.310739; Update 6 and earlier; Update 14 and earlier) with a deserialization of untrusted data flaw that can lead to arbitrary code execution. Connected sources also reference explicit remediation: upgrade to ColdFusion 2018 Up...

10CVSS9.6AI score0.28211EPSS
cve
cve
added 2017/04/27 2:0 p.m.72 views

CVE-2017-3008

CVE-2017-3008 affects Adobe ColdFusion: versions ColdFusion 2016 Update 3 and earlier, ColdFusion 11 Update 11 and earlier, and ColdFusion 10 Update 22 and earlier are affected by a reflected cross-site scripting vulnerability due to insufficient input validation. This could allow an attacker to ...

6.1CVSS6.4AI score0.03094EPSS
cve
cve
added 2021/05/27 8:55 p.m.69 views

CVE-2020-10145

CVE-2020-10145 affects the Adobe ColdFusion installer on Windows, which fails to set a secure ACL on the default installation directory (e.g., C:\ColdFusion2021). This allows unprivileged users to place files in the ColdFusion install path, enabling privilege escalation. Exploitation details are ...

7.8CVSS7.4AI score0.00501EPSS
cve
cve
added 2018/09/25 1:0 p.m.68 views

CVE-2018-15962

Adobe ColdFusion is affected by a directory listing vulnerability (CVE-2018-15962). Impacted are ColdFusion 2016 Update 6 and earlier, the 2018-07-12 release (2018.0.0.310739) and Update 14 and earlier, and ColdFusion 11 Update 14 and earlier. Successful exploitation could disclose sensitive info...

5.3CVSS6.7AI score0.05549EPSS
cve
cve
added 2019/09/27 3:16 p.m.68 views

CVE-2019-8072

CVE-2019-8072 affects Adobe ColdFusion 2018 (update 4 and earlier) and ColdFusion 2016 (update 11 and earlier). The flaw is a security bypass that could lead to information disclosure in the context of the current user. Connected sources also indicate remediation via upgrading to ColdFusion 2018 ...

7.5CVSS7.6AI score0.07352EPSS
cve
cve
added 2020/03/25 7:11 p.m.67 views

CVE-2020-3794

CVE-2020-3794 affects Adobe ColdFusion 2016 and 2018. The issue is a file inclusion vulnerability that could allow an attacker to execute arbitrary code by loading files located in the webroot or its subdirectories. Public advisories and vendor listings (NVD, Red Hat, CNVD, CVE records, and APSB2...

10CVSS9.5AI score0.06972EPSS
cve
cve
added 2017/12/01 8:0 a.m.66 views

CVE-2017-11286

CVE-2017-11286 – Adobe ColdFusion XXE vulnerability in XML parsing affects ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier. The root cause is an XML External Entity (XXE) injection that could enable sensitive data disclosure via crafted XML input. Public advisories (...

7.5CVSS8.8AI score0.08482EPSS
cve
cve
added 2018/05/19 5:0 p.m.66 views

CVE-2018-4938

CVE-2018-4938 affects Adobe ColdFusion Update 5 and earlier, and ColdFusion 11 Update 13 and earlier, due to an insecure library loading vulnerability that could lead to local privilege escalation. CVSS v3.1 base score 7.8 (HIGH) with LOCAL attack, LOW privileges required, no user interaction, an...

7.8CVSS8.4AI score0.00727EPSS
cve
cve
added 2018/05/19 5:0 p.m.66 views

CVE-2018-4942

Adobe ColdFusion is affected by CVE-2018-4942 (Unsafe XML External Entity Processing) causing information disclosure. Affected: ColdFusion 5 and earlier; ColdFusion 11 Update 13 and earlier. Root cause: insecure XML parsing/XE. Mitigation: apply updates later than Update 5 (CF 5 and earlier) or l...

7.5CVSS8.1AI score0.0406EPSS
cve
cve
added 2020/06/26 8:18 p.m.65 views

CVE-2020-3767

CVE-2020-3767 applies to Adobe ColdFusion 2016 (updates up to 15) and ColdFusion 2018 (updates up to 9). The issue is an insufficient input validation vulnerability that could cause an application‑level DoS. Public sources in the connected set confirm the affected products and the root cause, wit...

6.5CVSS6.3AI score0.0347EPSS
cve
cve
added 2020/06/26 8:19 p.m.65 views

CVE-2020-3768

Adobe ColdFusion 2016 (pre-Update 15) and ColdFusion 2018 (pre-Update 9) are affected by CVE-2020-3768 due to a DLL search-order hijack that could enable local privilege escalation. The issue stems from DLL loading order on Windows; exploitation is local and could grant elevated privileges. Remed...

7.8CVSS7.4AI score0.00816EPSS
cve
cve
added 2020/06/26 8:21 p.m.64 views

CVE-2020-3796

CVE-2020-3796 affects Adobe ColdFusion 2016 and ColdFusion 2018. The root cause is improper access control that could allow an attacker to disclose the underlying system file structure. Affected products include ColdFusion 2016 before update 15 and ColdFusion 2018 before update 9 (per APSB20-18 a...

6.5CVSS6.2AI score0.04294EPSS
cve
cve
added 2020/07/17 12:0 a.m.64 views

CVE-2020-9672

CVE-2020-9672 affects Adobe ColdFusion 2016 (update 15 and earlier) and ColdFusion 2018 (update 9 and earlier). The issue is a DLL search-order hijacking vulnerability that could lead to privilege escalation. Public documentation references vendor advisories APSB20-43 and related patches; remedia...

7.8CVSS7.4AI score0.01045EPSS
cve
cve
added 2018/09/25 1:0 p.m.62 views

CVE-2018-15964

CVE-2018-15964 affects Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier, due to a vulnerable component leading to information disclosure. CVSS indicates high confidentiality impact (C:H/I:N/A:N; network attack). The issue was among multi...

7.5CVSS8AI score0.07879EPSS
cve
cve
added 2019/09/27 3:20 p.m.62 views

CVE-2019-8074

CVE-2019-8074 is a path traversal vulnerability in Adobe ColdFusion 2018 (update 4 and earlier) and ColdFusion 2016 (update 11 and earlier) that could bypass access controls in the context of the current user. NVD CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction...

10CVSS9.2AI score0.18858EPSS
cve
cve
added 2016/05/11 1:0 a.m.61 views

CVE-2016-1113

CVE-2016-1113 affects Adobe ColdFusion 10 (before Update 19), 11 (before Update 8), and 2016 (before Update 1). The vulnerability is an XSS flaw caused by insufficient input validation that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Connected sources a...

6.1CVSS6.2AI score0.03056EPSS
cve
cve
added 2016/06/16 2:0 p.m.60 views

CVE-2016-4159

CVE-2016-4159 is a cross-site scripting (XSS) vulnerability affecting Adobe ColdFusion 10 prior to Update 20, ColdFusion 11 prior to Update 9, and ColdFusion 2016 prior to Update 2. The issue is described in the connected sources as a reflected XSS due to input validation failures, allowing an un...

6.1CVSS5.9AI score0.01857EPSS
cve
cve
added 2018/09/25 1:0 p.m.58 views

CVE-2018-15959

CVE-2018-15959 describes an insecure deserialization vulnerability in Adobe ColdFusion. The issue affects ColdFusion versions released July 12, 2018 (2018.0.0.310739) and Update 6 and earlier, as well as Update 14 and earlier, where deserializing untrusted data can lead to arbitrary code executio...

10CVSS9.6AI score0.25856EPSS
cve
cve
added 2018/09/25 1:0 p.m.58 views

CVE-2018-15963

Adobe ColdFusion 2016 Update 6 and earlier, ColdFusion 11 Update 14 and earlier, and the July 12, 2018 release (2018.0.0.310739) are affected by CVE-2018-15963, a security bypass that could allow arbitrary folder creation. The vulnerability stems from a bypass in ColdFusion’s security controls an...

5.3CVSS7.2AI score0.0574EPSS
cve
cve
added 2018/09/25 1:0 p.m.57 views

CVE-2018-15960

CVE-2018-15960 affects Adobe ColdFusion (2018 July 12 release and earlier 2018 updates; also ColdFusion 11 Update 14 and earlier/2016 Update 6 and earlier). The connected advisory CPAI-2019-0985 identifies CKEditor Directory Traversal in the ColdFusion CKEditor component, due to improper sanitiza...

7.5CVSS7.8AI score0.05525EPSS
cve
cve
added 2018/09/25 1:0 p.m.57 views

CVE-2018-15965

CVE-2018-15965 affects Adobe ColdFusion: deserialization of untrusted data in the July 12, 2018 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier. Root cause is insecure deserialization enabling arbitrary code execution. CVSS v3.0 base score 9.8 (CRITICAL); impact on conf...

10CVSS9.6AI score0.25856EPSS
cve
cve
added 2018/05/19 5:0 p.m.57 views

CVE-2018-4940

Adobe ColdFusion 11.x prior to 11u14 and 2016.x prior to 2016u6 are affected by CVE-2018-4940, a cross-site scripting vulnerability that could lead to information disclosure. Root cause is an exploitable XSS in Update 5 and earlier ColdFusion versions. Mitigation: apply ColdFusion 11u14 or 2016u6...

6.1CVSS6.8AI score0.01791EPSS
cve
cve
added 2018/09/25 1:0 p.m.55 views

CVE-2018-15958

CVE-2018-15958 affects Adobe ColdFusion: the July 12, 2018 release (version 2018.0.0.310739) and Update 6 and earlier, plus Update 14 and earlier, are vulnerable to a deserialization of untrusted data that could lead to arbitrary code execution . The issue is part of a set of four critical deseri...

10CVSS9.6AI score0.25856EPSS
cve
cve
added 2016/05/11 1:0 a.m.54 views

CVE-2016-1114

Adobe ColdFusion is vulnerable to remote code execution via deserialization of crafted Java objects tied to the Apache Commons Collections library. Affected products/versions: ColdFusion 10 before Update 19, ColdFusion 11 before Update 8, and ColdFusion 2016 before Update 1. The issue enables an ...

9.8CVSS9.7AI score0.08849EPSS
cve
cve
added 2016/05/11 1:0 a.m.54 views

CVE-2016-1115

Adobe ColdFusion is affected by CVE-2016-1115 due to a wildcard handling flaw in X.509 certificate name fields, enabling MITM server spoofing via crafted certs. Affected products: ColdFusion 10 before Update 19, ColdFusion 11 before Update 8, and ColdFusion 2016 before Update 1. Root cause: impro...

5.9CVSS6.2AI score0.02485EPSS
cve
cve
added 2018/05/19 5:0 p.m.53 views

CVE-2018-4941

CVE-2018-4941 affects Adobe ColdFusion 11.x before 11u14 and 2016.x before 2016u6, where an exploitable Cross-Site Scripting vulnerability could lead to information disclosure. The issue is a ColdFusion Web UI/XSS flaw; the root cause is an unsafe script handling path leading to information discl...

6.1CVSS6.8AI score0.01791EPSS
cve
cve
added 2020/03/25 7:11 p.m.49 views

CVE-2020-3761

CVE-2020-3761 affects Adobe ColdFusion 2016 and 2018, enabling remote file read from the ColdFusion install directory (arbitrary file read). According to NVD, CVSSv3.1 base score 7.5 (HIGH), with network access and no authentication required (no user interaction). Remediation: patch/update per AP...

7.5CVSS7.3AI score0.04099EPSS