- Home
- CVEs with nessus.description==The version of Adobe ColdFusion running on the remote host is affected by an authentication bypass vulnerability. When RDS is disabled and not configured with password protection, it is possible to authenticate as an administrative user without providing a username or password. A remote, unauthenticated attacker can exploit this to gain administrative access to the ColdFusion Administrator interface. After authenticating, it is possible to write arbitrary files to the host, resulting in arbitrary code execution. This vulnerability is being exploited in the wild.
This version of ColdFusion is reportedly affected by several additional vulnerabilities; however, Nessus has not checked for those issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top