Coldfusion@2018 Security Vulnerabilities and Issues — Coldfusion@2018 CVE List

Lucene search

AdobeColdfusion2018

10 matches found

CVE•added 2019/06/12 4:29 p.m.•111 views

CVE-2019-7839

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.7AI score0.34883EPSS

CVE•added 2019/06/12 4:29 p.m.•77 views

CVE-2019-7838

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.5AI score0.30353EPSS

CVE•added 2019/12/19 8:15 p.m.•76 views

CVE-2019-8256

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

9.8CVSS9.2AI score0.00661EPSS

CVE•added 2019/06/12 4:29 p.m.•68 views

CVE-2019-7840

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.6AI score0.49528EPSS

CVE•added 2019/09/27 4:15 p.m.•67 views

CVE-2019-8073

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

10CVSS9.6AI score0.14776EPSS

CVE•added 2019/05/24 7:29 p.m.•66 views

CVE-2019-7091

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.6AI score0.63074EPSS

CVE•added 2019/05/24 7:29 p.m.•66 views

CVE-2019-7092

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .

6.1CVSS6.9AI score0.0145EPSS

CVE•added 2019/05/24 6:29 p.m.•64 views

CVE-2019-7816

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.6AI score0.04815EPSS

CVE•added 2019/09/27 4:15 p.m.•51 views

CVE-2019-8072

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

7.5CVSS7.6AI score0.0446EPSS

CVE•added 2019/09/27 4:15 p.m.•50 views

CVE-2019-8074

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

10CVSS9.2AI score0.07732EPSS