Coldfusion@2016 Security Vulnerabilities and Issues — Coldfusion@2016 CVE List

Lucene search

AdobeColdfusion2016

6 matches found

CVE•added 2017/04/27 2:59 p.m.•220 views

CVE-2017-3066

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.

10CVSS9.5AI score0.93265EPSS

CVE•added 2017/12/01 8:29 a.m.•84 views

CVE-2017-11283

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

9.8CVSS9.3AI score0.23859EPSS

CVE•added 2017/12/01 8:29 a.m.•79 views

CVE-2017-11284

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

9.8CVSS9.4AI score0.23859EPSS

CVE•added 2017/12/01 8:29 a.m.•57 views

CVE-2017-11285

Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

6.1CVSS7.2AI score0.01032EPSS

CVE•added 2017/04/27 2:59 p.m.•53 views

CVE-2017-3008

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.

6.1CVSS6.4AI score0.00484EPSS

CVE•added 2017/12/01 8:29 a.m.•52 views

CVE-2017-11286

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

7.5CVSS8.8AI score0.01292EPSS