All the vulnerabilities related to Adobe - ColdFusion
cve-2012-5675
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb12-26.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-26.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-12T11:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-26.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2012-5675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb12-26.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-26.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2012-5675", "datePublished": "2012-12-12T11:00:00Z", "dateReserved": "2012-10-29T00:00:00Z", "dateUpdated": "2024-09-16T18:43:44.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0644
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/29332 | third-party-advisory, x_refsource_SECUNIA | |
http://www.adobe.com/support/security/bulletins/apsb08-07.html | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2008/0862/references | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1019590 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41145 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/28205 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:22.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29332" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-07.html" }, { "name": "ADV-2008-0862", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "name": "1019590", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019590" }, { "name": "coldfusion-setencoding-xss(41145)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41145" }, { "name": "28205", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28205" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29332" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-07.html" }, { "name": "ADV-2008-0862", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "name": "1019590", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019590" }, { "name": "coldfusion-setencoding-xss(41145)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41145" }, { "name": "28205", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28205" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29332", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29332" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb08-07.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-07.html" }, { "name": "ADV-2008-0862", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "name": "1019590", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019590" }, { "name": "coldfusion-setencoding-xss(41145)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41145" }, { "name": "28205", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28205" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0644", "datePublished": "2008-03-12T00:00:00", "dateReserved": "2008-02-07T00:00:00", "dateUpdated": "2024-08-07T07:54:22.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4725
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2006/3574 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/19985 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28920 | vdb-entry, x_refsource_XF | |
http://www.adobe.com/support/security/bulletins/apsb06-13.html | x_refsource_CONFIRM | |
http://securitytracker.com/id?1016833 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/21866 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3574", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3574" }, { "name": "19985", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19985" }, { "name": "coldfusion-cfml-sandbox-bypass(28920)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28920" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb06-13.html" }, { "name": "1016833", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016833" }, { "name": "21866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21866" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-3574", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3574" }, { "name": "19985", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19985" }, { "name": "coldfusion-cfml-sandbox-bypass(28920)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28920" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb06-13.html" }, { "name": "1016833", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016833" }, { "name": "21866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21866" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4725", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-3574", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3574" }, { "name": "19985", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19985" }, { "name": "coldfusion-cfml-sandbox-bypass(28920)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28920" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb06-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb06-13.html" }, { "name": "1016833", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016833" }, { "name": "21866", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21866" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4725", "datePublished": "2006-09-14T00:00:00", "dateReserved": "2006-09-12T00:00:00", "dateUpdated": "2024-08-07T19:23:41.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-5290
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ | x_refsource_MISC | |
http://osvdb.org/97553 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/87740 | vdb-entry, x_refsource_XF | |
http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:17:10.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/" }, { "name": "97553", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/97553" }, { "name": "adobe-coldfusion-cve20105290-priv-esc(87740)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87740" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/" }, { "name": "97553", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/97553" }, { "name": "adobe-coldfusion-cve20105290-priv-esc(87740)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87740" }, { "tags": [ "x_refsource_MISC" ], "url": "http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-5290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/" }, { "name": "97553", "refsource": "OSVDB", "url": "http://osvdb.org/97553" }, { "name": "adobe-coldfusion-cve20105290-priv-esc(87740)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87740" }, { "name": "http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal", "refsource": "MISC", "url": "http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-5290", "datePublished": "2013-09-20T16:00:00", "dateReserved": "2013-09-20T00:00:00", "dateUpdated": "2024-08-07T04:17:10.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42340
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified <= CF2021U4 Version: unspecified <= CF2018u14 Version: unspecified <= None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Improper Input Validation Arbitrary file system read" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-42340", "datePublished": "2022-10-14T19:42:57.569728Z", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-09-17T01:51:37.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1115
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035829 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/90514 | vdb-entry, x_refsource_BID | |
https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035829", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035829" }, { "name": "90514", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90514" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-29T16:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "1035829", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035829" }, { "name": "90514", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90514" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2016-1115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035829", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035829" }, { "name": "90514", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90514" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2016-1115", "datePublished": "2016-05-11T01:00:00", "dateReserved": "2015-12-22T00:00:00", "dateUpdated": "2024-08-05T22:48:13.080Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3767
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: ColdFusion 2016, and ColdFusion 2018 versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:44:50.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos)." } ], "problemTypes": [ { "descriptions": [ { "description": "Insufficient input validation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-26T20:18:35", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-3767", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficient input validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-3767", "datePublished": "2020-06-26T20:18:35", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2024-08-04T07:44:50.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-9673
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html | x_refsource_CONFIRM |
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Adobe | Adobe ColdFusion 2016 |
Version: update 15 and earlier versions |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:34:39.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion 2016", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "update 15 and earlier versions" } ] }, { "product": "Adobe ColdFusion 2018", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "update 9 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation." } ], "problemTypes": [ { "descriptions": [ { "description": "DLL search-order hijacking ", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-17T00:01:14", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9673", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion 2016", "version": { "version_data": [ { "version_value": "update 15 and earlier versions" } ] } }, { "product_name": "Adobe ColdFusion 2018", "version": { "version_data": [ { "version_value": "update 9 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 2016 update 15 and earlier 
versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "DLL search-order hijacking " } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-9673", "datePublished": "2020-07-17T00:01:14", "dateReserved": "2020-03-02T00:00:00", "dateUpdated": "2024-08-04T10:34:39.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7092
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:38:32.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure ." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross site scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-24T18:42:36", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-7092", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure ." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross site scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-7092", "datePublished": "2019-05-24T18:42:36", "dateReserved": "2019-01-28T00:00:00", "dateUpdated": "2024-08-04T20:38:32.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10145
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.kb.cert.org/vuls/id/125331 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 2021 Version: 2018 Version: 2016 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/125331" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "2021" }, { "status": "affected", "version": "2018" }, { "status": "affected", "version": "2016" } ] } ], "credits": [ { "lang": "en", "value": "Will Dormann" } ], "descriptions": [ { "lang": "en", "value": "The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\\ColdFusion2021\\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-27T20:55:10", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.kb.cert.org/vuls/id/125331" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2020-10145", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": 
"ColdFusion", "version": { "version_data": [ { "version_affected": "=", "version_value": "2021" }, { "version_affected": "=", "version_value": "2018" }, { "version_affected": "=", "version_value": "2016" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "credit": [ { "lang": "eng", "value": "Will Dormann" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\\ColdFusion2021\\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.kb.cert.org/vuls/id/125331", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/125331" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2020-10145", "datePublished": "2021-05-27T20:55:10", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0571
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1031020 | vdb-entry, x_refsource_SECTRACK | |
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:19.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1031020", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031020" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-14T14:57:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "1031020", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031020" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2014-0571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 
before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1031020", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031020" }, { "name": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2014-0571", "datePublished": "2014-10-15T10:00:00", "dateReserved": "2013-12-20T00:00:00", "dateUpdated": "2024-08-06T09:20:19.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1113
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035829 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/90507 | vdb-entry, x_refsource_BID | |
https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:12.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035829", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035829" }, { "name": "90507", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90507" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-29T16:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "1035829", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035829" }, { "name": "90507", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90507" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2016-1113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035829", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035829" }, { "name": "90507", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90507" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2016-1113", "datePublished": "2016-05-11T01:00:00", "dateReserved": "2015-12-22T00:00:00", "dateUpdated": "2024-08-05T22:48:12.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0736
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://osvdb.org/70780 | vdb-entry, x_refsource_OSVDB | |
http://websecurity.com.ua/4879/ | x_refsource_MISC | |
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.445Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70780", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70780" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/4879/" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. 
NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-02-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "70780", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70780" }, { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/4879/" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70780", "refsource": "OSVDB", "url": "http://osvdb.org/70780" }, { "name": "http://websecurity.com.ua/4879/", "refsource": "MISC", "url": "http://websecurity.com.ua/4879/" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0736", "datePublished": "2011-02-01T17:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:53.445Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3008
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98002 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038364 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier |
Version: Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:09:18.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html" }, { "name": "98002", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98002" }, { "name": "1038364", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038364" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier" } ] } ], "datePublic": "2017-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html" }, { "name": "98002", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98002" }, { "name": "1038364", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038364" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-3008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier", "version": { "version_data": [ { "version_value": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html" }, { "name": "98002", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98002" }, { "name": "1038364", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038364" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2017-3008", "datePublished": "2017-04-27T14:00:00", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-08-05T14:09:18.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4159
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb16-22.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1036098 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:31.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-22.html" }, { "name": "1036098", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036098" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-28T20:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-22.html" }, { "name": "1036098", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036098" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2016-4159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows 
remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb16-22.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-22.html" }, { "name": "1036098", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036098" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2016-4159", "datePublished": "2016-06-16T14:00:00", "dateReserved": "2016-04-27T00:00:00", "dateUpdated": "2024-08-06T00:17:31.307Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38421
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4 Version: unspecified ≤ CF2018u14 Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-38421", "datePublished": "2022-10-14T19:42:56.886728Z", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-09-16T18:17:48.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0629
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-03.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/57165 | vdb-entry, x_refsource_BID | |
http://www.adobe.com/support/security/advisories/apsa13-01.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "name": "57165", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-15T10:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "name": "57165", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-0629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-03.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "name": "57165", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57165" }, { "name": "http://www.adobe.com/support/security/advisories/apsa13-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-0629", "datePublished": "2013-01-09T01:00:00", "dateReserved": "2012-12-18T00:00:00", "dateUpdated": "2024-08-06T14:33:05.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3066
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/43993/ | exploit, x_refsource_EXPLOIT-DB | |
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98003 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038364 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier |
Version: Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:27.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43993", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43993/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html" }, { "name": "98003", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98003" }, { "name": "1038364", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038364" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier" } ] } ], "datePublic": "2017-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Code Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-09T10:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "43993", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43993/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html" }, { "name": "98003", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98003" }, { "name": "1038364", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038364" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-3066", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier", "version": { "version_data": [ { "version_value": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Code Injection" } ] } ] }, "references": { "reference_data": [ { "name": "43993", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43993/" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html" }, { "name": "98003", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98003" }, { "name": "1038364", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038364" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2017-3066", "datePublished": "2017-04-27T14:00:00", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-08-05T14:16:27.674Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29298
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2023.0.0.330468 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:44.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2023.0.0.330468", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-07-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-12T15:46:07.094Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Improper Access Control Security feature bypass" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-29298", "datePublished": "2023-07-12T15:46:07.094Z", "dateReserved": "2023-04-04T20:46:42.577Z", "dateUpdated": "2024-08-02T14:07:44.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1877
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://osvdb.org/57190 | vdb-entry, x_refsource_OSVDB | |
http://www.adobe.com/support/security/bulletins/apsb09-12.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57190", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57190" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57190", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57190" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1877", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than 
CVE-2009-1875." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57190", "refsource": "OSVDB", "url": "http://osvdb.org/57190" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1877", "datePublished": "2009-08-18T22:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15964
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/105311 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:05.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105311", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105311" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Use of a component with a known vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105311", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105311" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15964", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use of a component with a known vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105311" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15964", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:05.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7091
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:38:32.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Deserialization of untrusted data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-24T18:42:15", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-7091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of untrusted data" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-7091", "datePublished": "2019-05-24T18:42:15", "dateReserved": "2019-01-28T00:00:00", "dateUpdated": "2024-08-04T20:38:32.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38424
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4 Version: unspecified ≤ CF2018u14 Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-38424", "datePublished": "2022-10-14T19:42:57.803360Z", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-09-17T01:52:07.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45113
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.12 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.6", "status": "affected", "version": "2023.0", "versionType": "semver" }, { "lessThanOrEqual": "2021.12", "status": "affected", "version": "2021.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-45113", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T14:00:33.243484Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T14:02:02.184Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.12", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-03-12T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "Improper Authentication (CWE-287)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T12:56:24.654Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Improper Authentication (CWE-287)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-45113", "datePublished": "2024-09-13T09:18:02.435Z", "dateReserved": "2024-08-21T23:00:59.342Z", "dateUpdated": "2024-09-16T12:56:24.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38420
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4 Version: unspecified ≤ CF2018u14 Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "Use of Hard-coded Credentials (CWE-798)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-38420", "datePublished": "2022-10-14T19:42:56.225942Z", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-09-16T23:35:45.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3336
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.exploit-db.com/exploits/25305 | exploit, x_refsource_EXPLOIT-DB | |
http://www.adobe.com/support/security/advisories/apsa13-03.html | x_refsource_CONFIRM | |
http://www.adobe.com/support/security/bulletins/apsb13-13.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25305", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/25305" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-29T09:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "25305", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/25305" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-3336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25305", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/25305" }, { "name": "http://www.adobe.com/support/security/advisories/apsa13-03.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb13-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-3336", "datePublished": "2013-05-09T10:00:00", "dateReserved": "2013-05-06T00:00:00", "dateUpdated": "2024-08-06T16:07:37.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15965
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/105313 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:06.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105313" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Deserialization of untrusted data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105313" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15965", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of untrusted data" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105313" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15965", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:06.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0632
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.exploit-db.com/exploits/30210 | exploit, x_refsource_EXPLOIT-DB | |
http://www.adobe.com/support/security/bulletins/apsb13-03.html | x_refsource_CONFIRM | |
http://www.adobe.com/support/security/advisories/apsa13-01.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30210", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/30210" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-16T01:57:02", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "30210", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/30210" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-0632", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30210", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/30210" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb13-03.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "name": "http://www.adobe.com/support/security/advisories/apsa13-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-0632", "datePublished": "2013-01-17T00:00:00", "dateReserved": "2012-12-18T00:00:00", "dateUpdated": "2024-08-06T14:33:05.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2048
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/50523 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/85317 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id?1027516 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78410 | vdb-entry, x_refsource_XF | |
http://www.adobe.com/support/security/bulletins/apsb12-21.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:17:27.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50523", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50523" }, { "name": "85317", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85317" }, { "name": "1027516", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027516" }, { "name": "coldfusion-unspecified-dos(78410)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78410" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-21.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "50523", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50523" }, { "name": "85317", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85317" }, { "name": "1027516", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027516" }, { "name": "coldfusion-unspecified-dos(78410)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78410" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-21.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2012-2048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50523", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50523" }, { "name": "85317", "refsource": "OSVDB", "url": "http://osvdb.org/85317" }, { "name": "1027516", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027516" }, { "name": "coldfusion-unspecified-dos(78410)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78410" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb12-21.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-21.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2012-2048", "datePublished": "2012-09-12T10:00:00", "dateReserved": "2012-04-02T00:00:00", "dateUpdated": "2024-08-06T19:17:27.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3467
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/39790 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2010/1127 | vdb-entry, x_refsource_VUPEN | |
http://www.adobe.com/support/security/bulletins/apsb10-11.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:09.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-13T17:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "39790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-3467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "39790", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-11.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2009-3467", "datePublished": "2010-05-13T17:00:00Z", "dateReserved": "2009-09-29T00:00:00Z", "dateUpdated": "2024-09-17T04:04:59.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5860
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/24093 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/0594 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32475 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1017647 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/22547 | vdb-entry, x_refsource_BID | |
http://www.adobe.com/support/security/bulletins/apsb07-05.html | x_refsource_CONFIRM | |
http://osvdb.org/32122 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id?1017646 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24093" }, { "name": "ADV-2007-0594", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0594" }, { "name": "jrun-administrator-console-xss(32475)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32475" }, { "name": "1017647", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017647" }, { "name": "22547", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22547" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-05.html" }, { "name": "32122", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/32122" }, { "name": "1017646", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017646" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24093" }, { "name": "ADV-2007-0594", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0594" }, { "name": "jrun-administrator-console-xss(32475)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32475" }, { "name": "1017647", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017647" }, { "name": "22547", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22547" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-05.html" }, { "name": "32122", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/32122" }, { "name": "1017646", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017646" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24093", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24093" }, { "name": "ADV-2007-0594", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0594" }, { "name": "jrun-administrator-console-xss(32475)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32475" }, { "name": "1017647", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017647" }, { "name": "22547", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22547" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb07-05.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-05.html" }, { "name": "32122", "refsource": "OSVDB", "url": "http://osvdb.org/32122" }, { "name": "1017646", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017646" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5860", "datePublished": "2007-02-14T02:00:00", "dateReserved": "2006-11-10T00:00:00", "dateUpdated": "2024-08-07T20:04:55.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1878
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb09-12.html | x_refsource_CONFIRM | |
http://osvdb.org/57191 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57191", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57191", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1878", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb09-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57191", "refsource": "OSVDB", "url": "http://osvdb.org/57191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1878", "datePublished": "2009-08-18T22:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0580
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/46273 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/65277 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2011/0334 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1025036 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/43264 | third-party-advisory, x_refsource_SECUNIA | |
http://www.adobe.com/support/security/bulletins/apsb11-04.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:25.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46273", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46273" }, { "name": "adobe-coldfusion-multiple-xss(65277)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65277" }, { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43264" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "46273", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46273" }, { "name": "adobe-coldfusion-multiple-xss(65277)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65277" }, { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43264" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0580", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46273", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46273" }, { "name": "adobe-coldfusion-multiple-xss(65277)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65277" }, { "name": "ADV-2011-0334", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43264" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0580", "datePublished": "2011-02-10T15:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:25.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0584
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/65280 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2011/0334 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1025036 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/43264 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/46278 | vdb-entry, x_refsource_BID | |
http://www.adobe.com/support/security/bulletins/apsb11-04.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:26.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "adobe-coldfusion-session-hijacking(65280)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65280" }, { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43264" }, { "name": "46278", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46278" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "adobe-coldfusion-session-hijacking(65280)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65280" }, { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43264" }, { "name": "46278", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46278" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0584", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "adobe-coldfusion-session-hijacking(65280)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65280" }, { "name": "ADV-2011-0334", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43264" }, { "name": "46278", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46278" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0584", "datePublished": "2011-02-10T15:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:26.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44350
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
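Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | 0 ≤ 2021.11 (affected from version 0 up to and including 2021.11) |

Note: this table reflects only the CNA `affected` entry. The description and the CISA ADP container in the record below also list 2023.5 and earlier as affected.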
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44350", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:37:10.747107Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:38:29.335Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T12:57:22.438Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Deserialization of Untrusted Data (CWE-502)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44350", "datePublished": "2023-11-17T13:31:30.360Z", "dateReserved": "2023-09-28T16:25:40.451Z", "dateUpdated": "2024-09-16T12:57:22.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-8256
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-58.html | x_refsource_CONFIRM |
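Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | Update 6 and earlier versions |

Note: the record does not say which ColdFusion release line "Update 6" refers to; confirm the affected releases against the vendor bulletin (apsb19-58) linked above.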
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:17:30.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-58.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "Update 6 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation." } ], "problemTypes": [ { "descriptions": [ { "description": "Insecure inherited permissions of default installation directory \u202f", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-19T19:40:43", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-58.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-8256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "Update 6 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insecure inherited permissions of default installation directory \u202f" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-58.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-58.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-8256", "datePublished": "2019-12-19T19:40:43", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:17:30.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-41874
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.15 (CNA range only; the record's description and the CISA ADP entry also cover 2023.0 through 2023.9) |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.9", "status": "affected", "version": "2023.0", "versionType": "semver" }, { "lessThanOrEqual": "2021.15", "status": "affected", "version": "2021.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-41874", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T13:44:22.599188Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T13:55:03.481Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.15", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-09-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T12:56:15.061Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Deserialization of Untrusted Data (CWE-502)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-41874", "datePublished": "2024-09-13T09:18:03.226Z", "dateReserved": "2024-07-22T17:16:40.944Z", "dateUpdated": "2024-09-16T12:56:15.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5326
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-27.html | x_refsource_CONFIRM | |
http://www.kb.cert.org/vuls/id/295276 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.348Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-27.html" }, { "name": "VU#295276", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/295276" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-27T00:57:03", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-27.html" }, { "name": "VU#295276", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/295276" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-5326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-27.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-27.html" }, { "name": "VU#295276", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/295276" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-5326", "datePublished": "2013-11-13T01:00:00", "dateReserved": "2013-08-20T00:00:00", "dateUpdated": "2024-08-06T17:06:52.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1278
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1017752 | vdb-entry, x_refsource_SECTRACK | |
http://osvdb.org/34039 | vdb-entry, x_refsource_OSVDB | |
http://www.adobe.com/support/security/bulletins/apsb07-07.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/24488 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/0932 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32994 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/22958 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1017752", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017752" }, { "name": "34039", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34039" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-07.html" }, { "name": "24488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24488" }, { "name": "ADV-2007-0932", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0932" }, { "name": "coldfusion-jrun-iisconnector-dos(32994)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32994" }, { "name": "22958", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22958" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1017752", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017752" }, { "name": "34039", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34039" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-07.html" }, { "name": "24488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24488" }, { "name": "ADV-2007-0932", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0932" }, { "name": "coldfusion-jrun-iisconnector-dos(32994)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32994" }, { "name": "22958", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22958" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1278", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1017752", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017752" }, { "name": "34039", "refsource": "OSVDB", "url": "http://osvdb.org/34039" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb07-07.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-07.html" }, { "name": "24488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24488" }, { "name": "ADV-2007-0932", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0932" }, { "name": "coldfusion-jrun-iisconnector-dos(32994)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32994" }, { "name": "22958", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22958" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1278", "datePublished": "2007-03-16T20:00:00", "dateReserved": "2007-03-05T00:00:00", "dateUpdated": "2024-08-07T12:50:35.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9166
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:13.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-10T20:57:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2014-9166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2014-9166", "datePublished": "2014-12-10T21:00:00", "dateReserved": "2014-12-01T00:00:00", "dateUpdated": "2024-08-06T13:33:13.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8053
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/77625 | vdb-entry, x_refsource_BID | |
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1034211 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:06:31.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "77625", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77625" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "name": "1034211", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T22:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "77625", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77625" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "name": "1034211", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034211" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2015-8053", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "77625", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77625" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "name": "1034211", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034211" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2015-8053", "datePublished": "2015-11-18T21:00:00", "dateReserved": "2015-11-02T00:00:00", "dateUpdated": "2024-08-06T08:06:31.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44353
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 (CNA range only; the record's description and the CISA ADP entry also cover 2023.5 and earlier) |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44353", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:32:50.545301Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:36:16.786Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:31:31.132Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion WDDX Deserialization Gadgets" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44353", "datePublished": "2023-11-17T13:31:31.132Z", "dateReserved": "2023-09-28T16:25:40.452Z", "dateUpdated": "2024-09-04T19:36:16.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35712
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4; unspecified ≤ CF2018u14; unspecified ≤ None (literal value in the record) |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:44:20.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion ODBC Agent Heap-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-35712", "datePublished": "2022-10-14T19:42:55.733799Z", "dateReserved": "2022-07-12T00:00:00", "dateUpdated": "2024-09-17T03:37:49.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38203
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ cf2023U1 (CNA range only; the record's description also names 2018u17 and earlier and 2021u7 and earlier) |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "cf2023U1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-07-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": 
"en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-20T15:41:10.683Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE " } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-38203", "datePublished": "2023-07-20T15:41:10.683Z", "dateReserved": "2023-07-13T16:21:52.611Z", "dateUpdated": "2024-08-02T17:30:14.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1114
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/90506 | vdb-entry, x_refsource_BID | |
https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:12.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "90506", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90506" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "90506", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90506" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2016-1114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a 
crafted serialized Java object, related to the Apache Commons Collections library." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "90506", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90506" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2016-1114", "datePublished": "2016-05-11T01:00:00", "dateReserved": "2015-12-22T00:00:00", "dateUpdated": "2024-08-05T22:48:12.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5858
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.adobe.com/support/security/bulletins/apsb07-02.html | x_refsource_CONFIRM |
http://www.securityfocus.com/archive/1/457799/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
http://secunia.com/advisories/23668 | third-party-advisory, x_refsource_SECUNIA |
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466 | third-party-advisory, x_refsource_IDEFENSE |
http://securitytracker.com/id?1017490 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/21978 | vdb-entry, x_refsource_BID |
http://osvdb.org/32123 | vdb-entry, x_refsource_OSVDB |
http://www.vupen.com/english/advisories/2007/0116 | vdb-entry, x_refsource_VUPEN |
https://exchange.xforce.ibmcloud.com/vulnerabilities/31411 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.769Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-02.html" }, { "name": "20070121 Adobe ColdFusion Information Disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/457799/100/0/threaded" }, { "name": "23668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23668" }, { "name": "20070109 Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466" }, { "name": "1017490", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017490" }, { "name": "21978", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21978" }, { "name": "32123", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/32123" }, { "name": "ADV-2007-0116", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0116" }, { "name": "coldfusion-urlparsing-info-disclosure(31411)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31411" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary 
files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-02.html" }, { "name": "20070121 Adobe ColdFusion Information Disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/457799/100/0/threaded" }, { "name": "23668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23668" }, { "name": "20070109 Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466" }, { "name": "1017490", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017490" }, { "name": "21978", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21978" }, { "name": "32123", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/32123" }, { "name": "ADV-2007-0116", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0116" }, { "name": "coldfusion-urlparsing-info-disclosure(31411)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31411" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb07-02.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-02.html" }, { "name": "20070121 Adobe ColdFusion Information Disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/457799/100/0/threaded" }, { "name": "23668", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23668" }, { "name": "20070109 Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466" }, { "name": "1017490", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017490" }, { "name": "21978", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21978" }, { "name": "32123", "refsource": "OSVDB", "url": "http://osvdb.org/32123" }, { "name": "ADV-2007-0116", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0116" }, { "name": "coldfusion-urlparsing-info-disclosure(31411)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31411" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5858", "datePublished": "2007-01-10T02:00:00", "dateReserved": "2006-11-10T00:00:00", "dateUpdated": "2024-08-07T20:04:55.769Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7838
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:02:18.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "File extension blacklist bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-12T15:13:45", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-7838", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File extension blacklist bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-7838", "datePublished": "2019-06-12T15:13:45", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:02:18.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5859
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.adobe.com/support/security/bulletins/apsb07-03.html | x_refsource_CONFIRM |
http://secunia.com/advisories/24115 | third-party-advisory, x_refsource_SECUNIA |
http://osvdb.org/32121 | vdb-entry, x_refsource_OSVDB |
http://www.securitytracker.com/id?1017644 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/22544 | vdb-entry, x_refsource_BID |
http://www.vupen.com/english/advisories/2007/0592 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-03.html" }, { "name": "24115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24115" }, { "name": "32121", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/32121" }, { "name": "1017644", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017644" }, { "name": "22544", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22544" }, { "name": "ADV-2007-0592", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0592" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-03.html" }, { "name": "24115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24115" }, { "name": "32121", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/32121" }, { "name": "1017644", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017644" }, { "name": "22544", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22544" }, { "name": "ADV-2007-0592", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0592" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5859", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb07-03.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-03.html" }, { "name": "24115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24115" }, { "name": "32121", "refsource": "OSVDB", "url": "http://osvdb.org/32121" }, { "name": "1017644", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017644" }, { "name": "22544", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22544" }, { "name": "ADV-2007-0592", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0592" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5859", "datePublished": "2007-02-14T01:00:00", "dateReserved": "2006-11-10T00:00:00", "dateUpdated": "2024-08-07T20:04:55.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15962
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/105318 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:06.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105318", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105318" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Directory listing", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105318", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105318" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15962", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Directory listing" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105318", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105318" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15962", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:06.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34112
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html | vendor-advisory |
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | 0 through 2021u13 (inclusive) |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThan": "update_8", "status": "affected", "version": "2023", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThan": "update_14", "status": "affected", "version": "2021", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34112", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T14:27:00.412121Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T14:30:02.338Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:42:59.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021u13", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T11:27:15.891Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion CFDOCUMENT file retrieval / access control bypass" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-34112", "datePublished": "2024-06-13T11:27:15.891Z", "dateReserved": "2024-04-30T19:50:50.903Z", "dateUpdated": "2024-08-02T02:42:59.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-11285
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/100711 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1039321 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version |
---|---|---|
n/a | Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11. | Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11. |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:05:30.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "100711", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100711" }, { "name": "1039321", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039321" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." } ] } ], "datePublic": "2017-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-01T10:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "100711", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100711" }, { "name": "1039321", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039321" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-11285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "version": { "version_data": [ { "version_value": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "100711", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100711" }, { "name": "1039321", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039321" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2017-11285", "datePublished": "2017-12-01T08:00:00", "dateReserved": "2017-07-13T00:00:00", "dateUpdated": "2024-08-05T18:05:30.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4264
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://www.exploit-db.com/exploits/40346/ | exploit, x_refsource_EXPLOIT-DB |
http://www.securitytracker.com/id/1036708 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/archive/1/539374/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt | x_refsource_MISC |
http://www.securityfocus.com/bid/92684 | vdb-entry, x_refsource_BID |
https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:25:13.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40346", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40346/" }, { "name": "1036708", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036708" }, { "name": "20160907 CVE-2016-4264 Adobe ColdFusion \u003c= 11 XXE Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539374/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt" }, { "name": "92684", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92684" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "40346", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40346/" }, { "name": "1036708", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036708" }, { "name": "20160907 CVE-2016-4264 Adobe ColdFusion \u003c= 11 XXE Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539374/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt" }, { "name": "92684", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92684" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2016-4264", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40346", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40346/" }, { "name": "1036708", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036708" }, { "name": "20160907 CVE-2016-4264 Adobe ColdFusion \u003c= 11 XXE Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539374/100/0/threaded" }, { "name": "http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt", "refsource": "MISC", "url": "http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt" }, { "name": "92684", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92684" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2016-4264", "datePublished": "2016-09-01T23:00:00", "dateReserved": "2016-04-27T00:00:00", "dateUpdated": "2024-08-06T00:25:13.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1874
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2007/1341 | vdb-entry, x_refsource_VUPEN | |
http://www.adobe.com/support/security/bulletins/apsb07-08.html | x_refsource_CONFIRM | |
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510 | third-party-advisory, x_refsource_IDEFENSE | |
http://www.securityfocus.com/bid/23405 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/24850 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/33571 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1017899 | vdb-entry, x_refsource_SECTRACK | |
http://osvdb.org/34930 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:13:41.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-1341", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1341" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-08.html" }, { "name": "20070410 Adobe Macromedia ColdFusion MX7 Insecure File Permissions Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510" }, { "name": "23405", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23405" }, { "name": "24850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24850" }, { "name": "coldfusion-verity-privilege-escalation(33571)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33571" }, { "name": "1017899", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017899" }, { "name": "34930", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34930" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) 
uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-1341", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1341" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-08.html" }, { "name": "20070410 Adobe Macromedia ColdFusion MX7 Insecure File Permissions Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510" }, { "name": "23405", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23405" }, { "name": "24850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24850" }, { "name": "coldfusion-verity-privilege-escalation(33571)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33571" }, { "name": "1017899", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017899" }, { "name": "34930", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34930" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1874", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe 
ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-1341", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1341" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb07-08.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-08.html" }, { "name": "20070410 Adobe Macromedia ColdFusion MX7 Insecure File Permissions Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510" }, { "name": "23405", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23405" }, { "name": "24850", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24850" }, { "name": "coldfusion-verity-privilege-escalation(33571)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33571" }, { "name": "1017899", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017899" }, { "name": "34930", "refsource": "OSVDB", "url": "http://osvdb.org/34930" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1874", "datePublished": "2007-04-11T22:00:00", "dateReserved": "2007-04-05T00:00:00", "dateUpdated": "2024-08-07T13:13:41.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29301
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html | vendor-advisory |
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | 0 ≤ 2023.0.0.330468 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:44.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2023.0.0.330468", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-07-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "Improper Restriction of Excessive Authentication Attempts (CWE-307)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-12T15:46:07.887Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Improper Restriction of Excessive Authentication Attempts Security feature bypass" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-29301", "datePublished": "2023-07-12T15:46:07.887Z", "dateReserved": "2023-04-04T20:46:42.578Z", "dateUpdated": "2024-08-02T14:07:44.350Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3978
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/29475 | vdb-entry, x_refsource_XF | |
http://www.adobe.com/support/security/bulletins/apsb06-17.html | x_refsource_CONFIRM | |
http://securitytracker.com/id?1017040 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/22312 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/20431 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2006/4003 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "coldfusion-library-gain-privileges(29475)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29475" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb06-17.html" }, { "name": "1017040", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017040" }, { "name": "22312", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22312" }, { "name": "20431", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20431" }, { "name": "ADV-2006-4003", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4003" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "coldfusion-library-gain-privileges(29475)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29475" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb06-17.html" }, { "name": "1017040", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017040" }, { "name": "22312", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22312" }, { "name": "20431", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20431" }, { "name": "ADV-2006-4003", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4003" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3978", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "coldfusion-library-gain-privileges(29475)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29475" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb06-17.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb06-17.html" }, { "name": "1017040", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017040" }, { "name": "22312", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22312" }, { "name": "20431", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20431" }, { "name": "ADV-2006-4003", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4003" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3978", "datePublished": "2006-10-10T22:00:00", "dateReserved": "2006-08-04T00:00:00", "dateUpdated": "2024-08-07T18:48:39.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0737
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://osvdb.org/70781 | vdb-entry, x_refsource_OSVDB | |
http://websecurity.com.ua/4879/ | x_refsource_MISC | |
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "9.0.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2011-0737", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T14:44:34.948404Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:58:12.287Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "ADP Container" }, { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70781", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70781" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/4879/" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2011-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-02-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "70781", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70781" }, { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/4879/" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0737", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. 
NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70781", "refsource": "OSVDB", "url": "http://osvdb.org/70781" }, { "name": "http://websecurity.com.ua/4879/", "refsource": "MISC", "url": "http://websecurity.com.ua/4879/" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0737", "datePublished": "2011-02-01T17:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:53.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15960
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105317 | vdb-entry, x_refsource_BID | |
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:05.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105317", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105317" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Use of a component with a known vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "105317", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105317" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15960", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use of a component with a known vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "105317", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105317" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15960", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:05.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3796
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | ColdFusion 2016, and ColdFusion 2018 versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:44:51.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper access control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-26T20:21:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-3796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper access control" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-3796", "datePublished": "2020-06-26T20:21:01", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2024-08-04T07:44:51.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15961
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105314 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK | |
https://www.exploit-db.com/exploits/45979/ | exploit, x_refsource_EXPLOIT-DB |
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:05.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105314", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105314" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "45979", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45979/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Unrestricted file upload", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-12T10:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105314", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105314" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "45979", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45979/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15961", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unrestricted file upload" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105314", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105314" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" }, { "name": "45979", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45979/" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15961", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:05.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0185
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/38007 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2010/0259 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1023519 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/55997 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/38387 | third-party-advisory, x_refsource_SECUNIA | |
http://kb2.adobe.com/cps/807/cpsid_80719.html | x_refsource_CONFIRM | |
http://www.adobe.com/support/security/bulletins/apsb10-04.html | x_refsource_CONFIRM | |
http://osvdb.org/62037 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:37:54.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38007", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38007" }, { "name": "ADV-2010-0259", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0259" }, { "name": "1023519", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023519" }, { "name": "coldfusion-solr-information-disclosure(55997)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55997" }, { "name": "38387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38387" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb2.adobe.com/cps/807/cpsid_80719.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-04.html" }, { "name": "62037", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62037" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "38007", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38007" }, { "name": "ADV-2010-0259", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0259" }, { "name": "1023519", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023519" }, { "name": "coldfusion-solr-information-disclosure(55997)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55997" }, { "name": "38387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38387" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb2.adobe.com/cps/807/cpsid_80719.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-04.html" }, { "name": "62037", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62037" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-0185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38007", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38007" }, { "name": "ADV-2010-0259", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0259" }, { "name": "1023519", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023519" }, { "name": "coldfusion-solr-information-disclosure(55997)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55997" }, { "name": "38387", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38387" }, { "name": "http://kb2.adobe.com/cps/807/cpsid_80719.html", "refsource": "CONFIRM", "url": "http://kb2.adobe.com/cps/807/cpsid_80719.html" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-04.html" }, { "name": "62037", "refsource": "OSVDB", "url": "http://osvdb.org/62037" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-0185", "datePublished": "2010-02-03T18:00:00", "dateReserved": "2010-01-06T00:00:00", "dateUpdated": "2024-08-07T00:37:54.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-40698
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2018.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:51:07.012Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2018.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2021-40698", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T20:07:45.781377Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:07:49.774Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2018.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2021-09-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass\u202f\u202f. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. 
" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.4, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "LOW", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 7.4, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-242", "description": "Use of Inherently Dangerous Function (CWE-242)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-07T12:54:33.320Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass\u202f\u202f" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-40698", "datePublished": "2023-09-07T12:54:33.320Z", "dateReserved": "2021-09-08T16:58:12.651Z", "dateUpdated": "2024-09-04T20:07:49.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0735
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://osvdb.org/70779 | vdb-entry, x_refsource_OSVDB | |
http://websecurity.com.ua/4879/ | x_refsource_MISC | |
http://kb2.adobe.com/cps/890/cpsid_89094.html | x_refsource_CONFIRM | |
http://www.adobe.com/support/security/bulletins/apsb11-04.html | x_refsource_CONFIRM | |
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:52.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70779", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70779" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/4879/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a \"tag script.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-02-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "70779", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70779" }, { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/4879/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", 
"x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a \"tag script.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70779", "refsource": "OSVDB", "url": "http://osvdb.org/70779" }, { "name": "http://websecurity.com.ua/4879/", "refsource": "MISC", "url": "http://websecurity.com.ua/4879/" }, { "name": "http://kb2.adobe.com/cps/890/cpsid_89094.html", "refsource": "CONFIRM", "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0735", "datePublished": "2011-02-01T17:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:52.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1876
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb09-12.html | x_refsource_CONFIRM | |
http://osvdb.org/57189 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.736Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57189", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a \"double-encoded null character vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57189", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1876", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a \"double-encoded null character vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { 
"description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb09-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57189", "refsource": "OSVDB", "url": "http://osvdb.org/57189" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1876", "datePublished": "2009-08-18T22:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0570
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1031020 | vdb-entry, x_refsource_SECTRACK | |
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:19.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1031020", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031020" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-14T14:57:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "1031020", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031020" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2014-0570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 
before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1031020", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031020" }, { "name": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2014-0570", "datePublished": "2014-10-15T10:00:00", "dateReserved": "2013-12-20T00:00:00", "dateUpdated": "2024-08-06T09:20:19.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-8074
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Cold Fusion |
Version: ColdFusion 2018- update 4 and earlier; Version: ColdFusion 2016- update 11 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:10:32.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cold Fusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "ColdFusion 2018- update 4 and earlier" }, { "status": "affected", "version": "ColdFusion 2016- update 11 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user." } ], "problemTypes": [ { "descriptions": [ { "description": "Path Traversal Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-27T15:20:18", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-8074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cold Fusion", "version": { "version_data": [ { "version_value": "ColdFusion 2018- update 4 and earlier" }, { "version_value": "ColdFusion 2016- update 11 and earlier" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. 
Successful exploitation could lead to Access Control Bypass in the context of the current user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Path Traversal Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-8074", "datePublished": "2019-09-27T15:20:18", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:10:32.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38422
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4; Version: unspecified ≤ CF2018u14; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-38422", "datePublished": "2022-10-14T19:42:57.112986Z", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-09-16T16:27:45.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3761
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: ColdFusion 2016, and ColdFusion 2018 versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:44:50.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote file read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-25T19:11:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-3761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote file read" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-3761", "datePublished": "2020-03-25T19:11:01", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2024-08-04T07:44:50.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1389
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-13.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:57:05.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-16T10:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-1389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-1389", "datePublished": "2013-05-16T10:00:00Z", "dateReserved": "2013-01-16T00:00:00Z", "dateUpdated": "2024-09-16T23:16:34.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35690
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4; Version: unspecified ≤ CF2018u14; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:36:44.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Stack-based Buffer Overflow (CWE-121)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion ODBC Agent Stack-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-35690", "datePublished": "2022-10-14T19:42:55.991274Z", "dateReserved": "2022-07-12T00:00:00", "dateUpdated": "2024-09-16T20:07:29.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0345
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1032106 | vdb-entry, x_refsource_SECTRACK | |
https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:03:11.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1032106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-30T16:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "1032106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2015-0345", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script 
or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1032106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032106" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2015-0345", "datePublished": "2015-04-15T10:00:00", "dateReserved": "2014-12-01T00:00:00", "dateUpdated": "2024-08-06T04:03:11.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1872
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb09-12.html | x_refsource_CONFIRM | |
http://osvdb.org/57182 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/57183 | vdb-entry, x_refsource_OSVDB | |
http://www.dsecrg.com/pages/vul/show.php?id=122 | x_refsource_MISC | |
http://osvdb.org/57185 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/57184 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/archive/1/505803/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.747Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57182", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57182" }, { "name": "57183", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57183" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.dsecrg.com/pages/vul/show.php?id=122" }, { "name": "57185", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57185" }, { "name": "57184", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57184" }, { "name": "20090817 [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505803/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57182", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57182" }, { "name": "57183", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57183" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.dsecrg.com/pages/vul/show.php?id=122" }, { "name": "57185", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57185" }, { "name": "57184", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57184" }, { "name": "20090817 [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505803/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1872", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb09-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" }, { "name": "57182", "refsource": "OSVDB", "url": "http://osvdb.org/57182" }, { "name": "57183", "refsource": "OSVDB", "url": "http://osvdb.org/57183" }, { "name": "http://www.dsecrg.com/pages/vul/show.php?id=122", "refsource": "MISC", "url": "http://www.dsecrg.com/pages/vul/show.php?id=122" }, { "name": "57185", "refsource": "OSVDB", "url": "http://osvdb.org/57185" }, { "name": "57184", "refsource": "OSVDB", "url": "http://osvdb.org/57184" }, { "name": "20090817 [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505803/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1872", "datePublished": "2009-08-18T22:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.747Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3960
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/38197 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1023584 | vdb-entry, x_refsource_SECTRACK | |
http://www.osvdb.org/62292 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/38543 | third-party-advisory, x_refsource_SECUNIA | |
https://www.exploit-db.com/exploits/41855/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.adobe.com/support/security/bulletins/apsb10-05.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38197", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38197" }, { "name": "1023584", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023584" }, { "name": "62292", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62292" }, { "name": "38543", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38543" }, { "name": "41855", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/41855/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-15T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "38197", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38197" }, { "name": "1023584", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023584" }, { "name": "62292", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62292" }, { "name": "38543", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38543" }, { "name": "41855", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/41855/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-3960", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38197", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38197" }, { "name": "1023584", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023584" }, { "name": "62292", "refsource": "OSVDB", "url": "http://www.osvdb.org/62292" }, { "name": "38543", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38543" }, { "name": "41855", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41855/" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-05.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2009-3960", "datePublished": "2010-02-15T18:00:00", "dateReserved": "2009-11-16T00:00:00", "dateUpdated": "2024-08-07T06:45:50.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-9672
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Adobe | Adobe ColdFusion 2016 | Version: update 15 and earlier versions |
Adobe | Adobe ColdFusion 2018 | Version: update 9 and earlier versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:34:39.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion 2016", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "update 15 and earlier versions" } ] }, { "product": "Adobe ColdFusion 2018", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "update 9 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation." } ], "problemTypes": [ { "descriptions": [ { "description": "DLL search-order hijacking ", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-17T00:00:52", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-9672", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion 2016", "version": { "version_data": [ { "version_value": "update 15 and earlier versions" } ] } }, { "product_name": "Adobe ColdFusion 2018", "version": { "version_data": [ { "version_value": "update 9 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 2016 update 15 and earlier 
versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "DLL search-order hijacking " } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-9672", "datePublished": "2020-07-17T00:00:52", "dateReserved": "2020-03-02T00:00:00", "dateUpdated": "2024-08-04T10:34:39.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-4940
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/103718 | vdb-entry, x_refsource_BID |
Vendor | Product | Version |
---|---|---|
n/a | Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions | Version: Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:18:27.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103718" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } ], "datePublic": "2018-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-20T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103718" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-4940", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "version": { "version_data": [ { "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103718" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-4940", "datePublished": "2018-05-19T17:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T05:18:27.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0625
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/57164 | vdb-entry, x_refsource_BID | |
http://www.adobe.com/support/security/bulletins/apsb13-03.html | x_refsource_CONFIRM | |
http://www.adobe.com/support/security/advisories/apsa13-01.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57164", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57164" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-15T10:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "57164", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57164" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-0625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57164", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57164" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb13-03.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "name": "http://www.adobe.com/support/security/advisories/apsa13-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-0625", "datePublished": "2013-01-09T01:00:00", "dateReserved": "2012-12-18T00:00:00", "dateUpdated": "2024-08-06T14:33:05.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-11286
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100715 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1039321 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version |
---|---|---|
n/a | Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11. | Version: Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11. |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:05:29.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "100715", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100715" }, { "name": "1039321", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039321" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." } ] } ], "datePublic": "2017-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "XML External Entity (XXE) Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-01T10:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "100715", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100715" }, { "name": "1039321", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039321" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-11286", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "version": { "version_data": [ { "version_value": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XML External Entity (XXE) Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "100715", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100715" }, { "name": "1039321", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039321" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2017-11286", "datePublished": "2017-12-01T08:00:00", "dateReserved": "2017-07-13T00:00:00", "dateUpdated": "2024-08-05T18:05:29.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5328
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-27.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-27.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-13T01:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-27.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-5328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-27.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-27.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-5328", "datePublished": "2013-11-13T01:00:00Z", "dateReserved": "2013-08-20T00:00:00Z", "dateUpdated": "2024-09-17T02:42:47.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35711
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4; Version: unspecified ≤ CF2018u14; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:44:21.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-35711", "datePublished": "2022-10-14T19:42:56.452298Z", "dateReserved": "2022-07-12T00:00:00", "dateUpdated": "2024-09-17T00:02:14.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29300
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2023.0.0.330468 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:44.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2023.0.0.330468", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-07-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": 
[ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-12T15:46:08.686Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-29300", "datePublished": "2023-07-12T15:46:08.686Z", "dateReserved": "2023-04-04T20:46:42.578Z", "dateUpdated": "2024-08-02T14:07:44.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26361
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2018U15, CF2021U5; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:24.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2018U15, CF2021U5", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2023-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-23T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Directory Traversal Arbitrary file system read Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-26361", "datePublished": "2023-03-23T00:00:00", "dateReserved": "2023-02-22T00:00:00", "dateUpdated": "2024-08-02T11:46:24.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1203
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/29332 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/28207 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2008/0862/references | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1019600 | vdb-entry, x_refsource_SECTRACK | |
http://www.adobe.com/support/security/bulletins/apsb08-08.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41150 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:34.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29332" }, { "name": "28207", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28207" }, { "name": "ADV-2008-0862", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "name": "1019600", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019600" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-08.html" }, { "name": "coldfusion-interface-brute-force(41150)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41150" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29332" }, { "name": "28207", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28207" }, { "name": "ADV-2008-0862", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "name": "1019600", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019600" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-08.html" }, { "name": "coldfusion-interface-brute-force(41150)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41150" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1203", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29332", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29332" }, { "name": "28207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28207" }, { "name": "ADV-2008-0862", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "name": "1019600", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019600" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb08-08.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-08.html" }, { "name": "coldfusion-interface-brute-force(41150)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41150" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1203", "datePublished": "2008-03-12T00:00:00", "dateReserved": "2008-03-07T00:00:00", "dateUpdated": "2024-08-07T08:17:34.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1294
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/39790 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2010/1127 | vdb-entry, x_refsource_VUPEN | |
http://www.adobe.com/support/security/bulletins/apsb10-11.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:21:18.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-13T17:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "39790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-1294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "39790", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-11.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-1294", "datePublished": "2010-05-13T17:00:00Z", "dateReserved": "2010-04-06T00:00:00Z", "dateUpdated": "2024-09-16T18:29:49.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-5315
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://jvn.jp/en/jp/JVN84376800/index.html | third-party-advisory, x_refsource_JVN | |
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000105 | third-party-advisory, x_refsource_JVNDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/95958 | vdb-entry, x_refsource_XF | |
http://jvn.jp/en/jp/JVN84376800/244523/index.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:41:48.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#84376800", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN84376800/index.html" }, { "name": "JVNDB-2014-000105", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000105" }, { "name": "codefusion-cve20145315-xss(95958)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95958" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN84376800/244523/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#84376800", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN84376800/index.html" }, { "name": "JVNDB-2014-000105", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000105" }, { "name": "codefusion-cve20145315-xss(95958)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95958" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://jvn.jp/en/jp/JVN84376800/244523/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-5315", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#84376800", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN84376800/index.html" }, { "name": "JVNDB-2014-000105", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000105" }, { "name": "codefusion-cve20145315-xss(95958)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95958" }, { "name": "http://jvn.jp/en/jp/JVN84376800/244523/index.html", "refsource": "CONFIRM", "url": "http://jvn.jp/en/jp/JVN84376800/244523/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-5315", "datePublished": "2014-09-26T10:00:00", "dateReserved": "2014-08-18T00:00:00", "dateUpdated": "2024-08-06T11:41:48.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0581
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2011/0334 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1025036 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/65276 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/46281 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/43264 | third-party-advisory, x_refsource_SECUNIA | |
http://www.adobe.com/support/security/bulletins/apsb11-04.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:25.810Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "adobe-coldfusion-crlf-injection(65276)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65276" }, { "name": "46281", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46281" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43264" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "adobe-coldfusion-crlf-injection(65276)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65276" }, { "name": "46281", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46281" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43264" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0581", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-0334", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025036" }, { "name": "adobe-coldfusion-crlf-injection(65276)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65276" }, { "name": "46281", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46281" }, { "name": "43264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43264" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0581", "datePublished": "2011-02-10T15:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:25.810Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-4941
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/103718 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
Version: Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:18:27.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103718" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } ], "datePublic": "2018-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-20T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103718" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-4941", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "version": { "version_data": [ { "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103718" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-4941", "datePublished": "2018-05-19T17:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T05:18:27.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15959
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/105313 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:05.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105313" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Deserialization of untrusted data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105313" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15959", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of untrusted data" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105313" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15959", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:05.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8052
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/77625 | vdb-entry, x_refsource_BID | |
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1034211 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:06:31.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "77625", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77625" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "name": "1034211", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T22:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "77625", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77625" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "name": "1034211", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034211" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2015-8052", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "77625", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77625" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "name": "1034211", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034211" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2015-8052", "datePublished": "2015-11-18T21:00:00", "dateReserved": "2015-11-02T00:00:00", "dateUpdated": "2024-08-06T08:06:31.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-4939
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/103718 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
Version: Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:18:27.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103718" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } ], "datePublic": "2018-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Deserialization of Untrusted Data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-20T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103718" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-4939", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "version": { "version_data": [ { "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of Untrusted Data" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103718" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-4939", "datePublished": "2018-05-19T17:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T05:18:27.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1388
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-10.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:57:05.121Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-10.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-04-10T01:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-10.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-1388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-10.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-1388", "datePublished": "2013-04-10T01:00:00Z", "dateReserved": "2013-01-16T00:00:00Z", "dateUpdated": "2024-09-16T18:08:49.710Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7840
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:02:19.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Deserialization of untrusted data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-12T15:14:22", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-7840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of untrusted data" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-7840", "datePublished": "2019-06-12T15:14:22", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:02:19.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6483
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/21532 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1017361 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/23281 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/2021 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30841 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/4949 | vdb-entry, x_refsource_VUPEN | |
http://www.adobe.com/support/security/bulletins/apsb07-06.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/454046/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21532", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21532" }, { "name": "1017361", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017361" }, { "name": "23281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23281" }, { "name": "2021", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2021" }, { "name": "coldfusion-path-xss(30841)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30841" }, { "name": "ADV-2006-4949", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4949" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-06.html" }, { "name": "20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/454046/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using \"%00script\" in a tag." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21532", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21532" }, { "name": "1017361", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017361" }, { "name": "23281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23281" }, { "name": "2021", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2021" }, { "name": "coldfusion-path-xss(30841)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30841" }, { "name": "ADV-2006-4949", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4949" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-06.html" }, { "name": "20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/454046/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6483", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via 
a NULL byte (%00) in certain HTML tags, as demonstrated using \"%00script\" in a tag." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21532", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21532" }, { "name": "1017361", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017361" }, { "name": "23281", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23281" }, { "name": "2021", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2021" }, { "name": "coldfusion-path-xss(30841)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30841" }, { "name": "ADV-2006-4949", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4949" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb07-06.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-06.html" }, { "name": "20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454046/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6483", "datePublished": "2006-12-12T20:00:00", "dateReserved": "2006-12-12T00:00:00", "dateUpdated": "2024-08-07T20:26:46.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34113
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021u13 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-34113", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T17:06:47.358578Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T17:07:30.153Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:43:00.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021u13", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-06-11T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-261", "description": "Weak Cryptography for Passwords (CWE-261)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T12:55:16.320Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Weak Cryptography for Passwords (CWE-261)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-34113", "datePublished": "2024-06-13T11:27:15.139Z", "dateReserved": "2024-04-30T19:50:50.903Z", "dateUpdated": "2024-09-16T12:55:16.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3794
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: ColdFusion 2016, and ColdFusion 2018 versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:44:51.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory." } ], "problemTypes": [ { "descriptions": [ { "description": "File inclusion ", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-25T19:11:10", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-3794", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File inclusion " } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-3794", "datePublished": "2020-03-25T19:11:10", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2024-08-04T07:44:51.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38423
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4, Version: unspecified ≤ CF2018u14, Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-38423", "datePublished": "2022-10-14T19:42:57.344507Z", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-09-16T19:20:59.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-11283
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1039321 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/100708 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11. |
Version: Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:05:30.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "1039321", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039321" }, { "name": "100708", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100708" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." } ] } ], "datePublic": "2017-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Vulnerable 3rd Party Library", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-01T10:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "1039321", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039321" }, { "name": "100708", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100708" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-11283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "version": { "version_data": [ { "version_value": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Vulnerable 3rd Party Library" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "1039321", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039321" }, { "name": "100708", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100708" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2017-11283", "datePublished": "2017-12-01T08:00:00", "dateReserved": "2017-07-13T00:00:00", "dateUpdated": "2024-08-05T18:05:30.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38204
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ cf2023U2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "cf2023U2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-07-19T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": 
"en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-14T07:40:13.695Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Bypass APSB23-41 (CVE-2023-38203) - Pre-Auth RCE ColdFusion 2021 Update 8" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-38204", "datePublished": "2023-09-14T07:40:13.695Z", "dateReserved": "2023-07-13T16:21:52.612Z", "dateUpdated": "2024-08-02T17:30:14.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-11284
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1039321 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/100708 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11. |
Version: Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:05:30.226Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "1039321", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039321" }, { "name": "100708", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100708" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." } ] } ], "datePublic": "2017-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Vulnerable 3rd Party Library", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-01T10:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "1039321", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039321" }, { "name": "100708", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100708" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-11284", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "version": { "version_data": [ { "version_value": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Vulnerable 3rd Party Library" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" }, { "name": "1039321", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039321" }, { "name": "100708", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100708" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2017-11284", "datePublished": "2017-12-01T08:00:00", "dateReserved": "2017-07-13T00:00:00", "dateUpdated": "2024-08-05T18:05:30.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44355
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-44355", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T15:59:47.747440Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T15:59:51.033Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 4.3, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 4.3, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T12:57:55.727Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Improper Input Validation (CWE-20)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44355", "datePublished": "2023-11-17T13:31:33.927Z", "dateReserved": "2023-09-28T16:25:40.452Z", "dateUpdated": "2024-10-11T15:59:51.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0733
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://osvdb.org/70777 | vdb-entry, x_refsource_OSVDB | |
http://websecurity.com.ua/4879/ | x_refsource_MISC | |
http://kb2.adobe.com/cps/890/cpsid_89094.html | x_refsource_CONFIRM | |
http://securitytracker.com/id?1025012 | vdb-entry, x_refsource_SECTRACK | |
http://www.adobe.com/support/security/bulletins/apsb11-04.html | x_refsource_CONFIRM | |
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70777", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70777" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/4879/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "name": "1025012", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025012" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-02-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "70777", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70777" }, { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/4879/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "name": "1025012", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025012" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70777", "refsource": "OSVDB", "url": "http://osvdb.org/70777" }, { "name": "http://websecurity.com.ua/4879/", "refsource": "MISC", "url": "http://websecurity.com.ua/4879/" }, { "name": "http://kb2.adobe.com/cps/890/cpsid_89094.html", "refsource": "CONFIRM", "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "name": "1025012", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025012" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0733", "datePublished": "2011-02-01T17:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:53.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2463
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb11-29.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1026405 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:00:33.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-29.html" }, { "name": "1026405", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026405" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-02-02T10:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-29.html" }, { "name": "1026405", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026405" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-2463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb11-29.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-29.html" }, { "name": "1026405", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026405" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-2463", "datePublished": "2011-12-14T11:00:00", "dateReserved": "2011-06-06T00:00:00", "dateUpdated": "2024-08-06T23:00:33.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42341
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4; Version: unspecified ≤ CF2018u14; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (CWE-611)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-42341", "datePublished": "2022-10-14T19:42:58.021032Z", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-09-16T23:35:45.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0629
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/68027 | vdb-entry, x_refsource_XF | |
http://www.adobe.com/support/security/bulletins/apsb11-14.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:26.033Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "coldfusion-unspec-csrf(68027)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68027" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "coldfusion-unspec-csrf(68027)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68027" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "coldfusion-unspec-csrf(68027)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68027" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-14.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0629", "datePublished": "2011-06-16T23:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:26.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26360
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2018U15; Version: unspecified ≤ CF2021U5; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:24.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2018U15", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2021U5", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2023-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-01T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html" }, { "url": "http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Improper Access Control Arbitrary code execution" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-26360", "datePublished": "2023-03-23T00:00:00", "dateReserved": "2023-02-22T00:00:00", "dateUpdated": "2024-08-02T11:46:24.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1656
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/41720 | vdb-entry, x_refsource_XF | |
http://www.adobe.com/support/security/bulletins/apsb08-12.html | x_refsource_CONFIRM | |
http://www.osvdb.org/44280 | vdb-entry, x_refsource_OSVDB | |
http://securitytracker.com/id?1019806 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2008/1157 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/29748 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/28698 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:32:00.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "adobe-coldfusion-cfc-security-bypass(41720)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41720" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-12.html" }, { "name": "44280", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/44280" }, { "name": "1019806", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019806" }, { "name": "ADV-2008-1157", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1157" }, { "name": "29748", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29748" }, { "name": "28698", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28698" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "adobe-coldfusion-cfc-security-bypass(41720)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41720" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-12.html" }, { "name": "44280", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/44280" }, { "name": "1019806", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019806" }, { "name": "ADV-2008-1157", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1157" }, { "name": "29748", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29748" }, { "name": "28698", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28698" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "adobe-coldfusion-cfc-security-bypass(41720)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41720" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb08-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-12.html" }, { "name": "44280", "refsource": "OSVDB", "url": "http://www.osvdb.org/44280" }, { "name": "1019806", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019806" }, { "name": "ADV-2008-1157", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1157" }, { "name": "29748", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29748" }, { "name": "28698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28698" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1656", "datePublished": "2008-04-09T19:00:00", "dateReserved": "2008-04-02T00:00:00", "dateUpdated": "2024-08-07T08:32:00.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38418
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
Adobe | ColdFusion | Version: unspecified ≤ CF2021U4, Version: unspecified ≤ CF2018u14, Version: unspecified ≤ None | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-38418", "datePublished": "2022-10-14T19:42:55.217625Z", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-09-16T16:28:33.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38206
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
Adobe | ColdFusion | Version: 0 ≤ cf2023U2 | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "cf2023U2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-07-19T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.3, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T12:59:39.897Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Improper Access Control (CWE-284)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-38206", "datePublished": "2023-09-14T07:40:06.729Z", "dateReserved": "2023-07-13T16:21:52.612Z", "dateUpdated": "2024-09-16T12:59:39.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44352
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
Adobe | ColdFusion | Version: 0 ≤ 2021.11 | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:33.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-44352", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T18:55:37.546184Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-29T16:06:40.067Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 6.1, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:31:31.903Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44352", "datePublished": "2023-11-17T13:31:31.903Z", "dateReserved": "2023-09-28T16:25:40.451Z", "dateUpdated": "2024-10-29T16:06:40.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" 
}
cve-2015-5255
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=145996963420108&w=2 | vendor-advisory, x_refsource_HP | |
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html | x_refsource_MISC | |
http://www.securitytracker.com/id/1034210 | vdb-entry, x_refsource_SECTRACK | |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670 | x_refsource_CONFIRM | |
http://www.vmware.com/security/advisories/VMSA-2015-0008.html | x_refsource_CONFIRM | |
https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/536958/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/77626 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:41:08.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBST03568", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" }, { "name": "1034210", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034210" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "name": "77626", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77626" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, 
and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBST03568", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" }, { "name": "1034210", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034210" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "name": "77626", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77626" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBST03568", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "name": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" }, { "name": "1034210", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034210" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" }, { "name": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "name": "77626", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77626" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5255", "datePublished": "2015-11-18T21:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:08.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1293
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/39790 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2010/1127 | vdb-entry, x_refsource_VUPEN | |
http://www.adobe.com/support/security/bulletins/apsb10-11.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:21:18.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-13T17:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "39790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-1293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "39790", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39790" }, { "name": "ADV-2010-1127", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1127" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-11.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-1293", "datePublished": "2010-05-13T17:00:00Z", "dateReserved": "2010-04-06T00:00:00Z", "dateUpdated": "2024-09-16T22:50:48.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4724
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2006/3574 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28912 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/19984 | vdb-entry, x_refsource_BID | |
http://www.adobe.com/support/security/bulletins/apsb06-12.html | x_refsource_CONFIRM | |
http://securitytracker.com/id?1016833 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/21866 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3574", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3574" }, { "name": "coldfusion-flash-dos(28912)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28912" }, { "name": "19984", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19984" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb06-12.html" }, { "name": "1016833", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016833" }, { "name": "21866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21866" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-3574", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3574" }, { "name": "coldfusion-flash-dos(28912)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28912" }, { "name": "19984", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19984" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb06-12.html" }, { "name": "1016833", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016833" }, { "name": "21866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21866" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-3574", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3574" }, { "name": "coldfusion-flash-dos(28912)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28912" }, { "name": "19984", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19984" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb06-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb06-12.html" }, { "name": "1016833", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016833" }, { "name": "21866", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21866" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4724", "datePublished": "2006-09-14T00:00:00", "dateReserved": "2006-09-12T00:00:00", "dateUpdated": "2024-08-07T19:23:41.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0643
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/29332 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2008/0862/references | vdb-entry, x_refsource_VUPEN | |
http://www.adobe.com/support/security/bulletins/apsb08-06.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1019589 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/28205 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41144 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:22.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29332" }, { "name": "ADV-2008-0862", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-06.html" }, { "name": "1019589", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019589" }, { "name": "28205", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28205" }, { "name": "adobe-coldfusion-useragent-xss(41144)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41144" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29332", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29332" }, { "name": "ADV-2008-0862", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-06.html" }, { "name": "1019589", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019589" }, { "name": "28205", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28205" }, { "name": "adobe-coldfusion-useragent-xss(41144)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41144" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0643", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29332", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29332" }, { "name": "ADV-2008-0862", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0862/references" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb08-06.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-06.html" }, { "name": "1019589", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019589" }, { "name": "28205", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28205" }, { "name": "adobe-coldfusion-useragent-xss(41144)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41144" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0643", "datePublished": "2008-03-12T00:00:00", "dateReserved": "2008-02-07T00:00:00", "dateUpdated": "2024-08-07T07:54:22.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2861
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ | x_refsource_MISC | |
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07 | x_refsource_MISC | |
http://www.adobe.com/support/security/bulletins/apsb10-18.html | x_refsource_CONFIRM | |
http://securityreason.com/securityalert/8137 | third-party-advisory, x_refsource_SREASON | |
http://securityreason.com/securityalert/8148 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:46:48.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html" }, { "name": "8137", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8137" }, { "name": "8148", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8148" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-08-24T09:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html" }, { "name": "8137", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8137" }, { "name": "8148", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8148" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-2861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/" }, { "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07", "refsource": "MISC", "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-18.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html" }, { "name": "8137", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8137" }, { "name": "8148", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8148" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-2861", "datePublished": "2010-08-11T18:00:00", "dateReserved": "2010-07-27T00:00:00", "dateUpdated": "2024-08-07T02:46:48.523Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26347
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:24.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26347", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T17:28:45.976291Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T14:17:57.249Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:31:33.156Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "CVE-2023-38205 issues | ColdFusion Admin Panel Access" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-26347", "datePublished": "2023-11-17T13:31:33.156Z", "dateReserved": "2023-02-22T19:47:52.374Z", "dateUpdated": "2024-10-21T14:17:57.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3768
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: ColdFusion 2016, and ColdFusion 2018 versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:44:50.520Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation." } ], "problemTypes": [ { "descriptions": [ { "description": "DLL search-order hijacking", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-26T20:19:51", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2020-3768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "ColdFusion 2016, and ColdFusion 2018 versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "DLL search-order hijacking" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-3768", "datePublished": "2020-06-26T20:19:51", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2024-08-04T07:44:50.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15958
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/105313 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:05.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105313" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Deserialization of untrusted data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105313" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of untrusted data" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105313" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15958", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:05.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-8073
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Cold Fusion |
Version: ColdFusion 2018- update 4 and earlier Version: ColdFusion 2016- update 11 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:10:32.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cold Fusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "ColdFusion 2018- update 4 and earlier" }, { "status": "affected", "version": "ColdFusion 2016- update 11 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user." } ], "problemTypes": [ { "descriptions": [ { "description": "Command Injection via Vulnerable component", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-27T15:19:29", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-8073", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cold Fusion", "version": { "version_data": [ { "version_value": "ColdFusion 2018- update 4 and earlier" }, { "version_value": "ColdFusion 2016- update 11 and earlier" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component 
vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Command Injection via Vulnerable component" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-8073", "datePublished": "2019-09-27T15:19:29", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:10:32.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4368
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb11-29.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1026405 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-29.html" }, { "name": "1026405", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026405" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-02-02T10:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-29.html" }, { "name": "1026405", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026405" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-4368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject 
arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb11-29.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-29.html" }, { "name": "1026405", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026405" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-4368", "datePublished": "2011-12-14T11:00:00", "dateReserved": "2011-11-04T00:00:00", "dateUpdated": "2024-08-07T00:09:18.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28818
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U3 Version: unspecified ≤ CF2018U13 Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:03:53.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U3", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018U13", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:59:12", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2022-05-10T23:00:00.000Z", "ID": "CVE-2022-28818", "STATE": "PUBLIC", "TITLE": "ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "CF2021U3" }, { "version_affected": "\u003c=", "version_value": "CF2018U13" }, { "version_affected": "\u003c=", "version_value": "None" }, { "version_affected": "\u003c=", "version_value": "None" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. 
If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-28818", "datePublished": "2022-05-12T18:59:12.804571Z", "dateReserved": "2022-04-08T00:00:00", "dateUpdated": "2024-09-16T17:54:20.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38205
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ cf2023U2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38205", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T19:00:51.927416Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-07-20", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38205" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T19:01:13.815Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "cf2023U2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-07-19T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-14T07:40:12.725Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion Bypass - Vulnerability disclosure in ColdFusion | BYPASS CVE-2023-29298" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-38205", "datePublished": "2023-09-14T07:40:12.725Z", "dateReserved": "2023-07-13T16:21:52.612Z", "dateUpdated": "2024-09-16T19:01:13.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3350
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-19.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1028757 | vdb-entry, x_refsource_SECTRACK | |
http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-19.html" }, { "name": "1028757", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028757" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-24T17:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-19.html" }, { "name": "1028757", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028757" }, { "tags": [ "x_refsource_MISC" ], "url": "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-3350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-19.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-19.html" }, { "name": "1028757", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028757" }, { "name": "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h", "refsource": "MISC", "url": "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-3350", "datePublished": "2013-07-10T10:00:00", "dateReserved": "2013-05-06T00:00:00", "dateUpdated": "2024-08-06T16:07:37.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35710
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | Version: unspecified <= CF2021U4; Version: unspecified <= CF2018u14; Version: unspecified <= None (the record gives "None" as this bound) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:44:21.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Stack-based Buffer Overflow (CWE-121)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion ODBC Server Stack-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-35710", "datePublished": "2022-10-14T19:42:55.472442Z", "dateReserved": "2022-07-12T00:00:00", "dateUpdated": "2024-09-16T23:06:03.491Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0734
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://osvdb.org/70778 | vdb-entry, x_refsource_OSVDB | |
http://websecurity.com.ua/4879/ | x_refsource_MISC | |
http://kb2.adobe.com/cps/890/cpsid_89094.html | x_refsource_CONFIRM | |
http://securitytracker.com/id?1025012 | vdb-entry, x_refsource_SECTRACK | |
http://www.adobe.com/support/security/bulletins/apsb11-04.html | x_refsource_CONFIRM | |
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70778", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70778" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://websecurity.com.ua/4879/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "name": "1025012", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025012" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a \"tag body\" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-02-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "70778", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70778" }, { "tags": [ "x_refsource_MISC" ], "url": "http://websecurity.com.ua/4879/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "name": "1025012", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025012" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a \"tag body\" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70778", "refsource": "OSVDB", "url": "http://osvdb.org/70778" }, { "name": "http://websecurity.com.ua/4879/", "refsource": "MISC", "url": "http://websecurity.com.ua/4879/" }, { "name": "http://kb2.adobe.com/cps/890/cpsid_89094.html", "refsource": "CONFIRM", "url": "http://kb2.adobe.com/cps/890/cpsid_89094.html" }, { "name": "1025012", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025012" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "20110128 Vulnerabilities in Adobe ColdFusion", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0734", "datePublished": "2011-02-01T17:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:53.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1875
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://osvdb.org/57188 | vdb-entry, x_refsource_OSVDB | |
http://www.adobe.com/support/security/bulletins/apsb09-12.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57188", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57188" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-08-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57188", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57188" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1875", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different 
vulnerability than CVE-2009-1877." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57188", "refsource": "OSVDB", "url": "http://osvdb.org/57188" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb09-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1875", "datePublished": "2009-08-18T22:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2024-08-07T05:27:54.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5674
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://osvdb.org/87555 | vdb-entry, x_refsource_OSVDB | |
http://www.adobe.com/support/security/bulletins/apsb12-25.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80139 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "87555", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/87555" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-25.html" }, { "name": "adobe-coldfusion-unspec-dos(80139)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "87555", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/87555" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-25.html" }, { "name": "adobe-coldfusion-unspec-dos(80139)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2012-5674", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "87555", "refsource": "OSVDB", "url": "http://osvdb.org/87555" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb12-25.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-25.html" }, { "name": "adobe-coldfusion-unspec-dos(80139)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2012-5674", "datePublished": "2012-11-20T02:00:00", "dateReserved": "2012-10-29T00:00:00", "dateUpdated": "2024-08-06T21:14:16.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15963
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105310 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version |
---|---|---|
Adobe | ColdFusion | Version: July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:05.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105310", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105310" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Security bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105310", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105310" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15963", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "105310", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105310" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15963", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:05.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0583
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/46277 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2011/0334 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1025036 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/65279 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/43264 | third-party-advisory, x_refsource_SECUNIA | |
http://www.adobe.com/support/security/bulletins/apsb11-04.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:25.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46277" }, { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "adobe-coldfusion-cfform-xss(65279)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65279" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43264" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "46277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46277" }, { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "adobe-coldfusion-cfform-xss(65279)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65279" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43264" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0583", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46277" }, { "name": "ADV-2011-0334", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025036" }, { "name": "adobe-coldfusion-cfform-xss(65279)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65279" }, { "name": "43264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43264" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0583", "datePublished": "2011-02-10T15:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:25.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6482
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/21532 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1017361 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/23281 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30840 | vdb-entry, x_refsource_XF | |
http://securityreason.com/securityalert/2021 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30839 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/4949 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/archive/1/454046/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21532", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21532" }, { "name": "1017361", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017361" }, { "name": "23281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23281" }, { "name": "coldfusion-login-information-disclosure(30840)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30840" }, { "name": "2021", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2021" }, { "name": "coldfusion-extensions-path-disclosure(30839)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30839" }, { "name": "ADV-2006-4949", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4949" }, { "name": "20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/454046/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to 
/CFIDE/administrator/login.cfm without a host, which can reveal the server\u0027s internal IP address in an HREF tag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21532", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21532" }, { "name": "1017361", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017361" }, { "name": "23281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23281" }, { "name": "coldfusion-login-information-disclosure(30840)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30840" }, { "name": "2021", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2021" }, { "name": "coldfusion-extensions-path-disclosure(30839)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30839" }, { "name": "ADV-2006-4949", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4949" }, { "name": "20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/454046/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe 
ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server\u0027s internal IP address in an HREF tag." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21532", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21532" }, { "name": "1017361", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017361" }, { "name": "23281", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23281" }, { "name": "coldfusion-login-information-disclosure(30840)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30840" }, { "name": "2021", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2021" }, { "name": "coldfusion-extensions-path-disclosure(30839)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30839" }, { "name": "ADV-2006-4949", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4949" }, { "name": "20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454046/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6482", "datePublished": "2006-12-12T20:00:00", "dateReserved": "2006-12-12T00:00:00", "dateUpdated": "2024-08-07T20:26:46.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-0817
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/459178/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://osvdb.org/32120 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/22401 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/24115 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/0593 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1017645 | vdb-entry, x_refsource_SECTRACK | |
http://www.adobe.com/support/security/bulletins/apsb07-04.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:34:21.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070205 Cold Fusion Web Server XSS 0 day", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459178/100/0/threaded" }, { "name": "32120", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/32120" }, { "name": "22401", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22401" }, { "name": "24115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24115" }, { "name": "ADV-2007-0593", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0593" }, { "name": "1017645", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017645" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-04.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070205 Cold Fusion Web Server XSS 0 day", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459178/100/0/threaded" }, { "name": "32120", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/32120" }, { "name": "22401", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22401" }, { "name": "24115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24115" }, { "name": "ADV-2007-0593", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0593" }, { "name": "1017645", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017645" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-04.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070205 Cold Fusion Web Server XSS 0 day", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459178/100/0/threaded" }, { "name": "32120", "refsource": "OSVDB", "url": "http://osvdb.org/32120" }, { "name": "22401", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22401" }, { "name": "24115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24115" }, { "name": "ADV-2007-0593", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0593" }, { "name": "1017645", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017645" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb07-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-04.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0817", "datePublished": "2007-02-07T11:00:00", "dateReserved": "2007-02-07T00:00:00", "dateUpdated": "2024-08-07T12:34:21.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26359
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2018U15, CF2021U5; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:24.561Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2018U15, CF2021U5", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2023-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-23T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-26359", "datePublished": "2023-03-23T00:00:00", "dateReserved": "2023-02-22T00:00:00", "dateUpdated": "2024-08-02T11:46:24.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-4938
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/103718 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
Version: Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:18:27.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103718" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } ], "datePublic": "2018-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Insecure Library Loading", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-20T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103718" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-4938", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "version": { "version_data": [ { "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insecure Library Loading" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103718" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-4938", "datePublished": "2018-05-19T17:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T05:18:27.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2041
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb12-15.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:17:27.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-15.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-13T01:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-15.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2012-2041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb12-15.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-15.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2012-2041", "datePublished": "2012-06-13T01:00:00Z", "dateReserved": "2012-04-02T00:00:00Z", "dateUpdated": "2024-09-16T22:40:25.782Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0631
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-03.html | x_refsource_CONFIRM | |
http://www.adobe.com/support/security/advisories/apsa13-01.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-18T10:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-0631", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-03.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" }, { "name": "http://www.adobe.com/support/security/advisories/apsa13-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-0631", "datePublished": "2013-01-09T01:00:00", "dateReserved": "2012-12-18T00:00:00", "dateUpdated": "2024-08-06T14:33:05.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44351
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44351", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:06:47.590147Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:10:46.647Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:31:34.680Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion RCE Security Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44351", "datePublished": "2023-11-17T13:31:34.680Z", "dateReserved": "2023-09-28T16:25:40.451Z", "dateUpdated": "2024-09-04T19:10:46.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4831
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1021145 | vdb-entry, x_refsource_SECTRACK | |
http://osvdb.org/49709 | vdb-entry, x_refsource_OSVDB | |
http://www.adobe.com/support/security/bulletins/apsb08-21.html | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2008/3032 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/32567 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/32130 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:31:27.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1021145", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1021145" }, { "name": "49709", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/49709" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-21.html" }, { "name": "ADV-2008-3032", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3032" }, { "name": "32567", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32567" }, { "name": "32130", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32130" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1021145", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1021145" }, { "name": "49709", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/49709" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb08-21.html" }, { "name": "ADV-2008-3032", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3032" }, { "name": "32567", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32567" }, { "name": "32130", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32130" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4831", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1021145", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021145" }, { "name": "49709", "refsource": "OSVDB", "url": "http://osvdb.org/49709" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb08-21.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-21.html" }, { "name": "ADV-2008-3032", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3032" }, { "name": "32567", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32567" }, { "name": "32130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32130" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4831", "datePublished": "2008-11-10T11:00:00", "dateReserved": "2008-10-31T00:00:00", "dateUpdated": "2024-08-07T10:31:27.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2091
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/68028 | vdb-entry, x_refsource_XF | |
http://osvdb.org/73050 | vdb-entry, x_refsource_OSVDB | |
http://www.adobe.com/support/security/bulletins/apsb11-14.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "coldfusion-unspec-dos(68028)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68028" }, { "name": "73050", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/73050" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "coldfusion-unspec-dos(68028)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68028" }, { "name": "73050", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/73050" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-2091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "coldfusion-unspec-dos(68028)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68028" }, { "name": "73050", "refsource": "OSVDB", "url": "http://osvdb.org/73050" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-14.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-2091", "datePublished": "2011-06-16T23:00:00", "dateReserved": "2011-05-13T00:00:00", "dateUpdated": "2024-08-06T22:46:00.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21087
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ 2016.16; Version: unspecified ≤ 2018.10; Version: unspecified ≤ 2021.0.0.323925; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:01:13.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2016.16", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "2018.10", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "2021.0.0.323925", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-03-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-28T12:41:42", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-03-22T23:00:00.000Z", "ID": "CVE-2021-21087", "STATE": "PUBLIC", "TITLE": "ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2016.16" }, { "version_affected": "\u003c=", "version_value": "2018.10" }, { "version_affected": "\u003c=", "version_value": "2021.0.0.323925" }, { "version_affected": "\u003c=", "version_value": "None" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper 
Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction." } ] }, "impact": { "cvss": { "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 5.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Changed", "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) (CWE-79)" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-21087", "datePublished": "2021-04-15T13:54:29.883626Z", "dateReserved": "2020-12-18T00:00:00", "dateUpdated": "2024-09-16T19:45:38.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15957
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041621 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/105313 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:10:05.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105313" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Deserialization of untrusted data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-26T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105313" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-15957", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of untrusted data" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" }, { "name": "1041621", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041621" }, { "name": "105313", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105313" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-15957", "datePublished": "2018-09-25T13:00:00", "dateReserved": "2018-08-28T00:00:00", "dateUpdated": "2024-08-05T10:10:05.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0770
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1026830 | vdb-entry, x_refsource_SECTRACK | |
http://www.adobe.com/support/security/bulletins/apsb12-06.html | x_refsource_CONFIRM | |
http://osvdb.org/80008 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/48393 | third-party-advisory, x_refsource_SECUNIA | |
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/73955 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1026830", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026830" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-06.html" }, { "name": "80008", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/80008" }, { "name": "48393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48393" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html" }, { "name": "adobe-coldfusion-hash-dos(73955)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-10T18:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "1026830", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026830" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-06.html" }, { "name": "80008", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/80008" }, { "name": "48393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48393" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html" }, { "name": "adobe-coldfusion-hash-dos(73955)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73955" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2012-0770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1026830", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026830" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb12-06.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-06.html" }, { "name": "80008", "refsource": "OSVDB", "url": "http://osvdb.org/80008" }, { "name": "48393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48393" }, { "name": "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html" }, { "name": "adobe-coldfusion-hash-dos(73955)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73955" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2012-0770", "datePublished": "2012-03-13T22:00:00", "dateReserved": "2012-01-18T00:00:00", "dateUpdated": "2024-08-06T18:38:14.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-4942
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/103718 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
Version: Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:18:27.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103718" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } ], "datePublic": "2018-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Unsafe XML External Entity Processing", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-20T09:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103718" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-4942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "version": { "version_data": [ { "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unsafe XML External Entity Processing" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" }, { "name": "103718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103718" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-4942", "datePublished": "2018-05-19T17:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T05:18:27.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7839
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html | x_refsource_CONFIRM | |
https://seclists.org/bugtraq/2019/Jun/38 | mailing-list, x_refsource_BUGTRAQ | |
http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:02:19.014Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" }, { "name": "20190626 [SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/38" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T17:06:06", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" }, { "name": "20190626 [SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/38" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-7839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "Update 3 and earlier, Update 10 and earlier, and Update\u00a018 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html" }, { "name": "20190626 [SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/38" }, { "name": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153439/Coldfusion-JNBridge-Remote-Code-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-7839", "datePublished": "2019-06-12T15:14:04", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:02:19.014Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5905
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/38446 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/27644 | third-party-advisory, x_refsource_SECUNIA | |
http://www.adobe.com/support/security/bulletins/apsb07-19.html | x_refsource_CONFIRM | |
http://osvdb.org/41478 | vdb-entry, x_refsource_OSVDB | |
http://securitytracker.com/id?1018944 | vdb-entry, x_refsource_SECTRACK | |
http://www.adobe.com/go/kb402805 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2007/3859 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/26429 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:47:00.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "coldfusion-cfid-cftoken-session-hijacking(38446)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38446" }, { "name": "27644", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27644" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-19.html" }, { "name": "41478", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41478" }, { "name": "1018944", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018944" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/go/kb402805" }, { "name": "ADV-2007-3859", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3859" }, { "name": "26429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26429" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "coldfusion-cfid-cftoken-session-hijacking(38446)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38446" }, { "name": "27644", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27644" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb07-19.html" }, { "name": "41478", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41478" }, { "name": "1018944", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018944" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/go/kb402805" }, { "name": "ADV-2007-3859", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3859" }, { "name": "26429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26429" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "coldfusion-cfid-cftoken-session-hijacking(38446)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38446" }, { "name": "27644", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27644" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb07-19.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-19.html" }, { "name": "41478", "refsource": "OSVDB", "url": "http://osvdb.org/41478" }, { "name": "1018944", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018944" }, { "name": "http://www.adobe.com/go/kb402805", "refsource": "CONFIRM", "url": "http://www.adobe.com/go/kb402805" }, { "name": "ADV-2007-3859", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3859" }, { "name": "26429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26429" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5905", "datePublished": "2007-11-15T20:00:00", "dateReserved": "2007-11-09T00:00:00", "dateUpdated": "2024-08-07T15:47:00.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-8072
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Cold Fusion |
Version: ColdFusion 2018- update 4 and earlier Version: ColdFusion 2016- update 11 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:10:32.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cold Fusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "ColdFusion 2018- update 4 and earlier" }, { "status": "affected", "version": "ColdFusion 2016- update 11 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user." } ], "problemTypes": [ { "descriptions": [ { "description": "Security bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-27T15:16:54", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-8072", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cold Fusion", "version": { "version_data": [ { "version_value": "ColdFusion 2018- update 4 and earlier" }, { "version_value": "ColdFusion 2016- update 11 and earlier" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-8072", "datePublished": "2019-09-27T15:16:54", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:10:32.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4726
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/21858 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/19982 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28922 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/3575 | vdb-entry, x_refsource_VUPEN | |
http://securitytracker.com/id?1016833 | vdb-entry, x_refsource_SECTRACK | |
http://www.adobe.com/support/security/bulletins/apsb06-14.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:40.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21858" }, { "name": "19982", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19982" }, { "name": "coldfusion-errorpage-xss(28922)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28922" }, { "name": "ADV-2006-3575", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3575" }, { "name": "1016833", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016833" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb06-14.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21858" }, { "name": "19982", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19982" }, { "name": "coldfusion-errorpage-xss(28922)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28922" }, { "name": "ADV-2006-3575", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3575" }, { "name": "1016833", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016833" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb06-14.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4726", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21858" }, { "name": "19982", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19982" }, { "name": "coldfusion-errorpage-xss(28922)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28922" }, { "name": "ADV-2006-3575", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3575" }, { "name": "1016833", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016833" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb06-14.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb06-14.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4726", "datePublished": "2006-09-14T00:00:00", "dateReserved": "2006-09-12T00:00:00", "dateUpdated": "2024-08-07T19:23:40.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0582
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/46274 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2011/0334 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1025036 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/43264 | third-party-advisory, x_refsource_SECUNIA | |
http://www.adobe.com/support/security/bulletins/apsb11-04.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/65278 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:25.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46274", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46274" }, { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43264" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "adobe-coldfusion-console-info-disclosure(65278)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65278" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "46274", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46274" }, { "name": "ADV-2011-0334", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43264" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "adobe-coldfusion-console-info-disclosure(65278)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65278" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0582", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46274", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46274" }, { "name": "ADV-2011-0334", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0334" }, { "name": "1025036", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025036" }, { "name": "43264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43264" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html" }, { "name": "adobe-coldfusion-console-info-disclosure(65278)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65278" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0582", "datePublished": "2011-02-10T15:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:25.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-53961
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.17 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-53961", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-26T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-27T04:55:58.802Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.17", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-12-20T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.4, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "HIGH", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.4, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-23T20:11:38.875Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-53961", "datePublished": "2024-12-23T20:11:38.875Z", "dateReserved": "2024-11-25T17:39:04.110Z", "dateUpdated": 
"2024-12-27T04:55:58.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-40699
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2018.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:51:07.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2018.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2021-40699", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T20:01:53.842272Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:05:00.151Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2018.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2021-09-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. 
" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.4, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "LOW", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "LOW", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 7.4, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-07T12:54:41.029Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion CFIDE Improper Access Control Leads To Privilege Escalation" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-40699", "datePublished": "2023-09-07T12:54:41.029Z", "dateReserved": "2021-09-08T16:58:12.652Z", "dateUpdated": "2024-09-04T20:05:00.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20767
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.12 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.0_update_12", "status": "affected", "version": "2023.0", "versionType": "custom" }, { "lessThanOrEqual": "2021.0_update12", "status": "affected", "version": "2021.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20767", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-17T13:27:06.428662Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-12-16", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-12-17T13:27:19.060Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.12", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2024-03-12T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. 
Exploitation of this issue requires the admin panel be exposed to the internet." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.4, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "HIGH", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.4, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-12T17:08:09.376Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Improper Access Control (CWE-284)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2024-20767", "datePublished": "2024-03-18T11:43:28.473Z", "dateReserved": "2023-12-04T16:52:22.987Z", "dateUpdated": "2024-12-17T13:27:19.060Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0572
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1031020 | vdb-entry, x_refsource_SECTRACK | |
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:19.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1031020", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031020" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-14T14:57:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "1031020", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031020" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2014-0572", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 
allows local users to bypass intended IP-based access restrictions via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1031020", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031020" }, { "name": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2014-0572", "datePublished": "2014-10-15T10:00:00", "dateReserved": "2013-12-20T00:00:00", "dateUpdated": "2024-08-06T09:20:19.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3349
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-19.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1028757 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-19.html" }, { "name": "1028757", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-24T17:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-19.html" }, { "name": "1028757", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028757" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-3349", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-19.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-19.html" }, { "name": "1028757", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028757" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-3349", "datePublished": "2013-07-10T10:00:00", "dateReserved": "2013-05-06T00:00:00", "dateUpdated": "2024-08-06T16:07:37.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7816
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb19-14.html | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:02:18.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-14.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "status": "affected", "version": "Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "File Upload Restriction Bypass ", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-24T17:36:09", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-14.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-7816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ColdFusion", "version": { "version_data": [ { "version_value": "Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier versions" } ] } } ] }, "vendor_name": "Adobe" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Upload Restriction Bypass " } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-14.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-14.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-7816", "datePublished": "2019-05-24T17:36:09", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:02:18.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38419
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: unspecified ≤ CF2021U4; Version: unspecified ≤ CF2018u14; Version: unspecified ≤ None |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "CF2021U4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "CF2018u14", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (CWE-611)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-25T00:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-38419", "datePublished": "2022-10-14T19:42:56.674998Z", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-09-16T17:19:19.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1387
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb13-10.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:57:05.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-10.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-04-10T01:00:00Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-10.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2013-1387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb13-10.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb13-10.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2013-1387", "datePublished": "2013-04-10T01:00:00Z", "dateReserved": "2013-01-16T00:00:00Z", "dateUpdated": "2024-09-16T20:47:08.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-200612-0480
Vulnerability from variot
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. Adobe Download Manager contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to run arbitrary code with the privileges of the affected user or cause a denial-of-service condition. Adobe ColdFusion is prone to an information-disclosure vulnerability. Successfully exploiting this issue allows remote attackers to gain access to the contents of arbitrary files that are not interpreted by ColdFusion. This includes the source of scripting files not handled by ColdFusion, configuration files, log files, and other data files. Information harvested may aid attackers in further attacks. Adobe ColdFusion MX7, 7.0.1 and 7.0.2 are vulnerable.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. ".cfm". Other versions may also be affected.
SOLUTION: Apply hotfix (See vendor's advisory for details).
Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability
iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007
I. BACKGROUND
Adobe Macromedia ColdFusion is an application server and development framework for websites. More information is available at the following URL.
http://www.adobe.com/products/coldfusion/
II. DESCRIPTION
Remote exploitation of an input validation vulnerability in Adobe Systems Inc.'s Macromedia ColdFusion MX 7 may allow an attacker to view file contents on the server.
The vulnerability specifically exists in that URL encoded filenames will be decoded by the IIS process and then again by the ColdFusion process. By supplying a URL containing a double encoded null byte and an extension handled by ColdFusion, such as '.cfm', it is possible to view the contents of any file which is not interpreted by ColdFusion.
III. ANALYSIS
Although this vulnerability does not in itself allow execution of code on the server, it may allow an attacker to discover sensitive information such as passwords, to discover vulnerabilities in other scripts on the system, or potentially to bypass some security restrictions.
IV. DETECTION
iDefense has confirmed this vulnerability exists in Adobe Macromedia ColdFusion MX 7.0.2, with all available fixes, running on Microsoft IIS.
V. WORKAROUND
iDefense is unaware of any effective workarounds for this vulnerability.
VI. VENDOR RESPONSE
Adobe has released a patch for this issue. For more information consult their advisory at the link below.
http://www.adobe.com/support/security/bulletins/apsb07-02.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-5858 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
11/08/2006 Initial vendor notification
11/09/2006 Initial vendor response
01/09/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Inge Henriksen.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright © 2006 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.
The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.
This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links
Read the full description: http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l
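[Note: the advisory that follows (SA23233) concerns Adobe Download Manager, a different product from ColdFusion; its SOLUTION line applies to Download Manager only, not to the ColdFusion issue CVE-2006-5858 described above.]
TITLE: Adobe Download Manager AOM Buffer Overflow Vulnerability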
SECUNIA ADVISORY ID: SA23233
VERIFY ADVISORY: http://secunia.com/advisories/23233/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Adobe Download Manager 1.x http://secunia.com/product/7045/ Adobe Download Manager 2.x http://secunia.com/product/12814/
DESCRIPTION: A vulnerability has been reported in Adobe Download Manager, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when handling section names in the "dm.ini" file as created by Adobe Download Manager when processing AOM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted AOM or "dm.ini" file.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
SOLUTION: Update to version 2.2.
PROVIDED AND/OR DISCOVERED BY: Derek Soeder, eEye Digital Security.
The vendor also credits Zero Day Initiative.
ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb06-19.html
eEye Digital Security: http://research.eeye.com/html/advisories/published/AD20061205.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0480", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jrun", "scope": "eq", "trust": 2.4, "vendor": "adobe", "version": "4.0" }, { "model": "coldfusion", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "7.0.2" }, { "model": "coldfusion", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": null, 
"scope": null, "trust": 0.8, "vendor": "adobe", "version": null }, { "model": "coldfusion", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "mx mx 7 to 7.0.2" }, { "model": "iis", "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": "coldfusion", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "7.0" }, { "model": "coldfusion", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "7.0.1" }, { "model": "coldfusion", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "7.0.2" }, { "model": "coldfusion mx", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "7.02" }, { "model": "coldfusion mx", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "7.01" }, { "model": "coldfusion mx", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "7.00" } ], "sources": [ { "db": "CERT/CC", "id": "VU#448569" }, { "db": "BID", "id": "21978" }, { "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "db": "CNNVD", "id": "CNNVD-200612-697" }, { "db": "NVD", "id": "CVE-2006-5858" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:coldfusion", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:jrun", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:iis", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001531" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Inge Henriksen is credited with the discovery of this vulnerability.", "sources": [ { "db": "BID", "id": "21978" }, { "db": "CNNVD", "id": "CNNVD-200612-697" } ], 
"trust": 0.9 }, "cve": "CVE-2006-5858", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2006-5858", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2006-5858", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#448569", "trust": 0.8, "value": "4.62" }, { "author": "NVD", "id": "CVE-2006-5858", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200612-697", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#448569" }, { "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "db": "CNNVD", "id": "CNNVD-200612-697" }, { "db": "NVD", "id": "CVE-2006-5858" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list 
directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. Adobe Download Manager contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to run arbitrary code with the privileges of the affected user or cause a denial-of-service condition. Adobe ColdFusion is prone to an information-disclosure vulnerability. \nSuccessfully exploiting this issue allows remote attackers to gain access to the contents of arbitrary files that are not interpreted by ColdFusion. This includes the source of scripting files not handled by ColdFusion, configuration files, log files, and other data files. Information harvested may aid attackers in further attacks. \nAdobe ColdFusion MX7, 7.0.1 and 7.0.2 are vulnerable. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \".cfm\". Other versions may also be affected. \n\nSOLUTION:\nApply hotfix (See vendor\u0027s advisory for details). Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability\n\niDefense Security Advisory 01.09.07\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nJan 09, 2007\n\nI. BACKGROUND\n\nAdobe Macromedia ColdFusion is an application server and development\nframework for websites. More information is available at the following\nURL. \n\nhttp://www.adobe.com/products/coldfusion/\n\nII. DESCRIPTION\n\nRemote exploitation of an input validation vulnerability in Adobe Systems\nInc.\u0027s Macromedia ColdFusion MX 7 may allow an attacker to view file\ncontents on the server. 
\n\nThe vulnerability specifically exists in that URL encoded filenames will\nbe decoded by the IIS process and then again by the ColdFusion process. By\nsupplying a URL containing a double encoded null byte and an extension\nhandled by ColdFusion, such as \u0027.cfm\u0027, it is possible to view the contents\nof any file which is not interpreted by ColdFusion. \n\nIII. Although this\nvulnerability does not in itself allow execution of code on the server, it\nmay allow an attacker to discover sensitive information such as passwords\nor to discover vulnerabilities in other scripts on the system or\npotentially bypass some security restrictions. \n\nIV. DETECTION\n\niDefense has confirmed this vulnerability exists in Adobe Macromedia\nColdFusion MX 7.0.2, with all available fixes, running on Microsoft IIS\nvulnerable. \n\nV. WORKAROUND\n\niDefense is unaware of any effective workarounds for this vulnerability. \n\nVI. VENDOR RESPONSE\n\nAdobe has released a patch for this issue. For more information consult\ntheir advisory at the link below. \n\nhttp://www.adobe.com/support/security/bulletins/apsb07-02.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2006-5858 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n11/08/2006 Initial vendor notification\n11/09/2006 Initial vendor response\n01/09/2007 Coordinated public disclosure\n\nIX. CREDIT\n\nThis vulnerability was reported to iDefense by Inge Henriksen. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2006 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert electronically. 
\nIt may not be edited in any way without the express written consent of\niDefense. If you wish to reprint the whole or any part of this alert in\nany other medium other than electronically, please e-mail\ncustomerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate at\nthe time of publishing based on currently available information. Use of\nthe information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on, this\ninformation. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. 
\n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Download Manager AOM Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA23233\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23233/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nAdobe Download Manager 1.x\nhttp://secunia.com/product/7045/\nAdobe Download Manager 2.x\nhttp://secunia.com/product/12814/\n\nDESCRIPTION:\nA vulnerability has been reported in Adobe Download Manager, which\ncan be exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to a boundary error when handling\nsection names in the \"dm.ini\" file as created by Adobe Download\nManager when processing AOM files. This can be exploited to cause a\nstack-based buffer overflow via a specially crafted AOM or \"dm.ini\"\nfile. \n\nSuccessful exploitation allows execution of arbitrary code when a\nuser e.g. visits a malicious website. \n\nSOLUTION:\nUpdate to version 2.2. \n\nPROVIDED AND/OR DISCOVERED BY:\nDerek Soeder, eEye Digital Security. \n\nThe vendor also credits Zero Day Initiative. \n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/bulletins/apsb06-19.html\n\neEye Digital Security:\nhttp://research.eeye.com/html/advisories/published/AD20061205.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2006-5858" }, { "db": "CERT/CC", "id": "VU#448569" }, { "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "db": "BID", "id": "21978" }, { "db": "PACKETSTORM", "id": "53496" }, { "db": "PACKETSTORM", "id": "53585" }, { "db": "PACKETSTORM", "id": "52797" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2006-5858", "trust": 2.8 }, { "db": "BID", "id": "21978", "trust": 1.9 }, { "db": "SECUNIA", "id": "23668", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#448569", "trust": 1.6 }, { "db": "SECTRACK", "id": "1017490", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2007-0116", "trust": 1.6 }, { "db": "OSVDB", "id": "32123", "trust": 1.6 }, { "db": "SECUNIA", "id": "23233", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2006-001531", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200612-697", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "53496", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "53585", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "52797", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#448569" }, { 
"db": "BID", "id": "21978" }, { "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "db": "PACKETSTORM", "id": "53496" }, { "db": "PACKETSTORM", "id": "53585" }, { "db": "PACKETSTORM", "id": "52797" }, { "db": "CNNVD", "id": "CNNVD-200612-697" }, { "db": "NVD", "id": "CVE-2006-5858" } ] }, "id": "VAR-200612-0480", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T21:57:24.851000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB07-02", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb07-02.html" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.iis.net/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001531" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "db": "NVD", "id": "CVE-2006-5858" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb07-02.html" }, { "trust": 1.7, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466" }, { "trust": 1.6, "url": 
"http://www.securityfocus.com/archive/1/457799/100/0/threaded" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23668" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31411" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2007/0116" }, { "trust": 1.6, "url": "http://securitytracker.com/id?1017490" }, { "trust": 1.6, "url": "http://osvdb.org/32123" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/21978" }, { "trust": 0.9, "url": "http://secunia.com/advisories/23233/" }, { "trust": 0.9, "url": "http://research.eeye.com/html/advisories/published/ad20061205.html" }, { "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html " }, { "trust": 0.8, "url": "http://www.adobe.com/products/acrobat/acrrmanager.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5858" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5858" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/448569" }, { "trust": 0.4, "url": "http://www.adobe.com/products/coldfusion/" }, { "trust": 0.3, "url": "/archive/1/456484" }, { "trust": 0.2, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/software_inspector/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/23668/" }, { "trust": 0.1, "url": "http://secunia.com/product/4984/" }, { "trust": 0.1, "url": "http://cve.mitre.org/)," }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5858" }, { "trust": 0.1, "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php" }, { "trust": 0.1, "url": "http://labs.idefense.com/" }, { "trust": 0.1, "url": 
"http://secunia.com/product/7045/" }, { "trust": 0.1, "url": "http://secunia.com/product/12814/" }, { "trust": 0.1, "url": "http://corporate.secunia.com/products/48/?r=l" }, { "trust": 0.1, "url": "http://corporate.secunia.com/how_to_buy/15/?r=l" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html" } ], "sources": [ { "db": "CERT/CC", "id": "VU#448569" }, { "db": "BID", "id": "21978" }, { "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "db": "PACKETSTORM", "id": "53496" }, { "db": "PACKETSTORM", "id": "53585" }, { "db": "PACKETSTORM", "id": "52797" }, { "db": "CNNVD", "id": "CNNVD-200612-697" }, { "db": "NVD", "id": "CVE-2006-5858" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#448569" }, { "db": "BID", "id": "21978" }, { "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "db": "PACKETSTORM", "id": "53496" }, { "db": "PACKETSTORM", "id": "53585" }, { "db": "PACKETSTORM", "id": "52797" }, { "db": "CNNVD", "id": "CNNVD-200612-697" }, { "db": "NVD", "id": "CVE-2006-5858" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-12-07T00:00:00", "db": "CERT/CC", "id": "VU#448569" }, { "date": "2007-01-09T00:00:00", "db": "BID", "id": "21978" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "date": "2007-01-10T18:19:08", "db": "PACKETSTORM", "id": "53496" }, { "date": "2007-01-13T23:25:20", "db": "PACKETSTORM", "id": "53585" }, { "date": "2006-12-07T06:24:29", "db": "PACKETSTORM", "id": "52797" }, { "date": "2006-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200612-697" }, { "date": "2006-12-31T05:00:00", "db": "NVD", "id": "CVE-2006-5858" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, 
"data": [ { "date": "2006-12-07T00:00:00", "db": "CERT/CC", "id": "VU#448569" }, { "date": "2007-01-10T20:51:00", "db": "BID", "id": "21978" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001531" }, { "date": "2020-11-24T00:00:00", "db": "CNNVD", "id": "CNNVD-200612-697" }, { "date": "2024-11-21T00:20:50.727000", "db": "NVD", "id": "CVE-2006-5858" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "53585" }, { "db": "CNNVD", "id": "CNNVD-200612-697" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Download Manager buffer overflow", "sources": [ { "db": "CERT/CC", "id": "VU#448569" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-200612-697" } ], "trust": 0.6 } }
var-201305-0209
Vulnerability from variot
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. Adobe ColdFusion is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve files stored on the server and obtain sensitive information. This may aid in launching further attacks. Adobe ColdFusion is a dynamic web server product from Adobe, a company based in the United States; CFML (ColdFusion Markup Language), which it runs, is a programming language for web applications.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201305-0209", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "coldfusion", "scope": "eq", "trust": 2.8, "vendor": "adobe", "version": "9.0" }, { "model": "coldfusion", "scope": "eq", "trust": 2.8, "vendor": "adobe", "version": "9.0.1" }, { "model": "coldfusion", "scope": "eq", "trust": 2.5, "vendor": "adobe", 
"version": "9.0.2" }, { "model": "coldfusion", "scope": "eq", "trust": 2.5, "vendor": "adobe", "version": "10.0" } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-3336" }, { "db": "BID", "id": "59773" }, { "db": "JVNDB", "id": "JVNDB-2013-002608" }, { "db": "CNNVD", "id": "CNNVD-201305-206" }, { "db": "NVD", "id": "CVE-2013-3336" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:coldfusion", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-002608" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marcin Siedlarz of Symantec Security Response", "sources": [ { "db": "BID", "id": "59773" } ], "trust": 0.3 }, "cve": "CVE-2013-3336", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": 
"PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2013-3336", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-63338", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-3336", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2013-3336", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201305-206", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-63338", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2013-3336", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-63338" }, { "db": "VULMON", "id": "CVE-2013-3336" }, { "db": "JVNDB", "id": "JVNDB-2013-002608" }, { "db": "CNNVD", "id": "CNNVD-201305-206" }, { "db": "NVD", "id": "CVE-2013-3336" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. Adobe ColdFusion is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to retrieve files stored on the server and obtain sensitive information. This may aid in launching further attacks. 
Adobe ColdFusion is a dynamic web server product of Adobe (Adobe) in the United States, and the CFML (ColdFusion Markup Language) it runs is a programming language for web applications", "sources": [ { "db": "NVD", "id": "CVE-2013-3336" }, { "db": "JVNDB", "id": "JVNDB-2013-002608" }, { "db": "BID", "id": "59773" }, { "db": "VULHUB", "id": "VHN-63338" }, { "db": "VULMON", "id": "CVE-2013-3336" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-63338", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=25305", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-63338" }, { "db": "VULMON", "id": "CVE-2013-3336" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-3336", "trust": 2.9 }, { "db": "EXPLOIT-DB", "id": "25305", "trust": 1.2 }, { "db": "USCERT", "id": "TA15-119A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-002608", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201305-206", "trust": 0.7 }, { "db": "BID", "id": "59773", "trust": 0.4 }, { "db": "SEEBUG", "id": "SSVID-78970", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-63338", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2013-3336", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-63338" }, { "db": "VULMON", "id": "CVE-2013-3336" }, { "db": "BID", "id": "59773" }, { "db": "JVNDB", "id": "JVNDB-2013-002608" }, { "db": "CNNVD", "id": "CNNVD-201305-206" }, { "db": "NVD", "id": "CVE-2013-3336" } ] }, "id": 
"VAR-201305-0209", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-63338" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:16:36.461000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ColdFusion Security Hotfix APSB13-13", "trust": 0.8, "url": "https://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html" }, { "title": "APSA13-03", "trust": 0.8, "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html" }, { "title": "APSB13-13", "trust": 0.8, "url": "https://www.adobe.com/support/security/bulletins/apsb13-13.html" }, { "title": "APSB13-13 (cq05140117)", "trust": 0.8, "url": "https://helpx.adobe.com/jp/coldfusion/kb/cq05140117.html" }, { "title": "APSA13-03", "trust": 0.8, "url": "http://helpx.adobe.com/jp/coldfusion/kb/cq05081955.html?sdid=ISBTR" }, { "title": "jok3r", "trust": 0.1, "url": "https://github.com/koutto/jok3r " }, { "title": "jok3r", "trust": 0.1, "url": "https://github.com/84KaliPleXon3/jok3r " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/adobe-patches-coldfusion-flash-reader-vulnerabilities/100628/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2013/05/10/ms_ie8_0day_fix_due_tuesday/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-3336" }, { "db": "JVNDB", "id": "JVNDB-2013-002608" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": 
"NVD", "id": "CVE-2013-3336" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html" }, { "trust": 1.2, "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html" }, { "trust": 1.2, "url": "http://www.exploit-db.com/exploits/25305" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3336" }, { "trust": 0.8, "url": "http://jvn.jp/ta/jvnta99041988/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3336" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ncas/alerts/ta15-119a" }, { "trust": 0.3, "url": "http://www.adobe.com/products/coldfusion/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/adobe-apsb13-13-cve-2013-3336" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/25305/" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/modules/auxiliary/gather/coldfusion_pwd_props" } ], "sources": [ { "db": "VULHUB", "id": "VHN-63338" }, { "db": "VULMON", "id": "CVE-2013-3336" }, { "db": "BID", "id": "59773" }, { "db": "JVNDB", "id": "JVNDB-2013-002608" }, { "db": "CNNVD", "id": "CNNVD-201305-206" }, { "db": "NVD", "id": "CVE-2013-3336" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-63338" }, { "db": "VULMON", "id": "CVE-2013-3336" }, { "db": "BID", "id": "59773" }, { "db": "JVNDB", "id": "JVNDB-2013-002608" }, { "db": "CNNVD", "id": "CNNVD-201305-206" }, { "db": "NVD", "id": "CVE-2013-3336" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-09T00:00:00", "db": "VULHUB", "id": "VHN-63338" }, { "date": "2013-05-09T00:00:00", "db": "VULMON", "id": "CVE-2013-3336" }, { "date": "2013-05-08T00:00:00", "db": "BID", "id": "59773" }, { "date": "2013-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-002608" }, { "date": "2013-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-206" }, { "date": "2013-05-09T12:31:19.857000", "db": "NVD", "id": "CVE-2013-3336" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-11-07T00:00:00", "db": "VULHUB", "id": "VHN-63338" }, { "date": "2013-11-07T00:00:00", "db": "VULMON", "id": "CVE-2013-3336" }, { "date": "2014-08-01T00:32:00", "db": "BID", "id": "59773" }, { "date": "2015-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-002608" }, { "date": "2013-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-206" }, { "date": "2024-11-21T01:53:25.493000", "db": "NVD", "id": "CVE-2013-3336" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-206" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe ColdFusion Vulnerable to reading arbitrary files", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-002608" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": 
"CNNVD-201305-206" } ], "trust": 0.6 } }
var-200703-0122
Vulnerability from variot
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. The IIS connector of Adobe JRun and ColdFusion MX contains a vulnerability that can lead to a denial-of-service (DoS) condition. A third party may be able to cause a denial of service (DoS). Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.
TITLE: Adobe JRun IIS 6 Connector Denial of Service
SECUNIA ADVISORY ID: SA24488
VERIFY ADVISORY: http://secunia.com/advisories/24488/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Adobe ColdFusion MX 7.x http://secunia.com/product/4984/ Macromedia ColdFusion MX 6.x http://secunia.com/product/864/ Macromedia Jrun 4.x http://secunia.com/product/863/
DESCRIPTION: A vulnerability has been reported in Adobe JRun, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within JRun's IIS connector when handling certain requests for resources. This can be exploited via e.g. requesting a file within the web root and then performing certain actions.
The vulnerability is reported in the following products with IIS 6:
* JRun 4 Updater 6
* Adobe ColdFusion MX 7.0 Enterprise Edition, if installed as the "Multi-Server" option
* Adobe ColdFusion MX 6.1 Enterprise, if installed with the "J2EE" option and deployed on JRun 4.0 Updater 6
Adobe ColdFusion MX 6.1 and 7.0 Standard editions are not affected by this issue.
SOLUTION: Apply hotfix (see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: The vendor credits Shoji Kamiichi, NEC.
ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb07-07.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0122", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "coldfusion", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.1" }, { "model": "jrun", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "4.0" }, { "model": "coldfusion", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "coldfusion", 
"scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "mx mx 6.1 and 7.0 enterprise" }, { "model": "jrun", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.0 updater 6" }, { "model": "iis", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6" }, { "model": "iis", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "6.0" }, { "model": "jrun updater", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "4.06" }, { "model": "coldfusion mx enterprise", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "7.0" }, { "model": "coldfusion mx enterprise", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "6.1" } ], "sources": [ { "db": "BID", "id": "22958" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:coldfusion", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:jrun", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:iis", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shoji Kamiichi", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-412" } ], "trust": 0.6 }, "cve": "CVE-2007-1278", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-1278", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-1278", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-1278", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200703-412", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Adobe JRun and ColdFusion MX of IIS Connector has a service disruption (DoS) There is a vulnerability that becomes a condition.Service disruption by a third party (DoS) There is a possibility of being put into a state. 
Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nThis issue affects Microsoft IIS 6 installations running JRun 4 Updater 6. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe JRun IIS 6 Connector Denial of Service\n\nSECUNIA ADVISORY ID:\nSA24488\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24488/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nAdobe ColdFusion MX 7.x\nhttp://secunia.com/product/4984/\nMacromedia ColdFusion MX 6.x\nhttp://secunia.com/product/864/\nMacromedia Jrun 4.x\nhttp://secunia.com/product/863/\n\nDESCRIPTION:\nA vulnerability has been reported in Adobe JRun, which potentially\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error within JRun\\x92s IIS\nconnector when handling certain requests for resources. This can be\nexploited via e.g. requesting a file within the web root and then\nperforming certain actions. \n\nThe vulnerability is reported in the following products with IIS 6:\n* JRun 4 Updater 6\n* Adobe ColdFusion MX 7.0 Enterprise Edition, if installed as the\n\"Multi-Server\" option\n* Adobe ColdFusion MX 6.1 Enterprise, if installed with the \"J2EE\"\noption and deployed on JRun 4.0 Updater 6\n\nAdobe ColdFusion MX 6.1 and 7.0 Standard editions are not affected by\nthis issue. 
\n\nSOLUTION:\nApply hotfix (see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Shoji Kamiichi, NEC. \n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/bulletins/apsb07-07.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-1278" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "BID", "id": "22958" }, { "db": "PACKETSTORM", "id": "55081" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-1278", "trust": 2.7 }, { "db": "BID", "id": "22958", "trust": 1.9 }, { "db": "SECUNIA", "id": "24488", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-0932", "trust": 1.6 }, { "db": "SECTRACK", "id": "1017752", "trust": 1.6 }, { "db": "OSVDB", "id": "34039", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2007-001655", "trust": 0.8 }, { "db": "CNNVD", "id": 
"CNNVD-200703-412", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "55081", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "22958" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "PACKETSTORM", "id": "55081" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "id": "VAR-200703-0122", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T23:13:20.402000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB07-07", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb07-07.html" }, { "title": "Microsoft IIS", "trust": 0.8, "url": "http://www.iis.net/" }, { "title": "Adobe ColdFusion and Adobe JRun IIS connector Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94516" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "CNNVD", "id": "CNNVD-200703-412" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { 
"trust": 2.0, "url": "http://www.adobe.com/support/security/bulletins/apsb07-07.html" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32994" }, { "trust": 1.6, "url": "http://secunia.com/advisories/24488" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2007/0932" }, { "trust": 1.6, "url": "http://osvdb.org/34039" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1017752" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/22958" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1278" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1278" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/864/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/24488/" }, { "trust": 0.1, "url": "http://secunia.com/disassembling_og_reversing/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/product/4984/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/863/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "22958" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "PACKETSTORM", "id": "55081" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "22958" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "PACKETSTORM", "id": "55081" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": 
"CVE-2007-1278" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-13T00:00:00", "db": "BID", "id": "22958" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "date": "2007-03-17T02:22:27", "db": "PACKETSTORM", "id": "55081" }, { "date": "2007-03-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-412" }, { "date": "2007-03-16T20:19:00", "db": "NVD", "id": "CVE-2007-1278" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-14T20:04:00", "db": "BID", "id": "22958" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "date": "2019-07-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-412" }, { "date": "2024-11-21T00:27:56.350000", "db": "NVD", "id": "CVE-2007-1278" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-412" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe JRun and ColdFusion MX of IIS Service disruption in connectors (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-412" } ], "trust": 0.6 } }
var-201511-0308
Vulnerability from variot
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. Multiple Adobe products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05073670 Version: 1
HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-04-06 Last Updated: 2016-04-06
Potential Security Impact: Remote Server-Side Request Forgery (SSRF)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP XP7 Command View Advanced Edition Suite and HP XP P9000 Command View Advanced Edition Software including Device Manager and Hitachi Automation Director (HAD). The vulnerability could be remotely exploited resulting in Server-Side Request Forgery (SSRF).
References: CVE-2015-5255
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP XP P9000 Command View Advanced Edition Software and HP XP7 Command View Advanced Edition Suite:
HP Device Manager Software v7.0.0-00 to earlier than v8.4.0-00 Hitachi Automation Director (HAD) for Windows and Linux v8.1.1-00 to earlier than 8.4.0-00
BACKGROUND
CVSS 2.0 Base Metrics
Reference: CVE-2015-5255 | Base Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Base Score: 4.3
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has released the following software updates to resolve the vulnerability in HP XP7 Command View Advanced Edition Suite and HP XP P9000 Command View Advanced Edition:
- HP Device Manager Software v8.4.0-00
- Hitachi Automation Director (HAD) for Windows and Linux v8.4.0-00
HISTORY Version:1 (rev.1) - 6 April 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJXBUdsAAoJEGIGBBYqRO9/QR0H/1n7MvC34yG/bAynnPVOwwun d7+PjDWg6S3zm0X3TTODxNw5XvKtSPW5gsj+ugdkj0MnooGP+ETOLkJgKro6xx+c FvVQChknCB03/Ul+ZED4RXG4XxPAXfrEYisGQ8DogqT8szAEGvkq4AA/aStXYOjT F+yAEJPTMsNZkAeyzWsvJnqxQ7/7BUESJrV5akJvjs7BvArGFWn8FPDjAJuyHGoM D7UD7HLutYaR25TIaqLaVoNokgMq6wLXzLntxM5cB3X98ThYEI23M3XNmxfbhXKQ Q8rAsVpXeGMgObS/nURFMSSPNU7boGZFtSU9mZQilb59V4Xko5wsauUKjP4r8Dk= =xRCI -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0308", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "livecycle data services", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "3.0" }, { "model": "livecycle data services", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "4.6" }, { "model": "livecycle data services", "scope": "eq", 
"trust": 1.6, "vendor": "adobe", "version": "4.7" }, { "model": "livecycle data services", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "4.5" }, { "model": "xp p9000 command view advanced edition", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": null }, { "model": "coldfusion", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "coldfusion", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "11.0" }, { "model": "xp7 command view advanced edition", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": null }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3.0.0.354175" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3.1.0.354180" }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "3.0.x (windows/macintosh/unix)" }, { "model": "coldfusion", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "11 update 7" }, { "model": "coldfusion", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "10 update 18" }, { "model": "jp1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/automatic operation", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "4.6.2.x (windows/macintosh/unix)" }, { "model": "job management partner 1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - manager" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.7.0.354178" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.5.1.354177" }, { "model": "coldfusion", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "11" }, { "model": "coldfusion", "scope": 
"lt", "trust": 0.8, "vendor": "adobe", "version": "10" }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "3.1.x (windows/macintosh/unix)" }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "4.5.x (windows/macintosh/unix)" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.6.2.354178" }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "4.7.x (windows/macintosh/unix)" }, { "model": "it operations director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "compute systems manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software ( domestic version )" }, { "model": "jp1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - manager" }, { "model": "job management partner 1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "compute systems manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software ( overseas edition )" }, { "model": "automation director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "job management partner", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "1/automatic operation" }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "coldfusion", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.0" }, { "model": "coldfusion", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "11.0" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "3.1" } ], "sources": [ { "db": "BID", "id": "77626" }, { "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "db": "CNNVD", "id": "CNNVD-201511-298" }, { "db": "NVD", "id": 
"CVE-2015-5255" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:coldfusion", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:livecycle_data_services", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:automation_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:compute_systems_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_operation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_it_desktop_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005981" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "James Kettle of PortSwigger Web Security", "sources": [ { "db": "BID", "id": "77626" } ], "trust": 0.3 }, "cve": "CVE-2015-5255", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2015-5255", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-5255", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-5255", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201511-298", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "db": "CNNVD", "id": "CNNVD-201511-298" }, { "db": "NVD", "id": "CVE-2015-5255" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue. Multiple Adobe products are prone to a security-bypass vulnerability. 
\nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05073670\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05073670\nVersion: 1\n\nHPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including\nDevice Manager and Hitachi Automation Director (HAD), Remote Server-Side\nRequest Forgery (SSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-04-06\nLast Updated: 2016-04-06\n\nPotential Security Impact: Remote Server-Side Request Forgery (SSRF)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP XP7 Command\nView Advanced Edition Suite and HP XP P9000 Command View Advanced Edition\nSoftware including Device Manager and Hitachi Automation Director (HAD). The\nvulnerability could be remotely exploited resulting in Server-Side Request\nForgery (SSRF). \n\nReferences: CVE-2015-5255\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
\nHP XP P9000 Command View Advanced Edition Software and HP XP7 Command View\nAdvanced Edition Suite:\n\nHP Device Manager Software v7.0.0-00 to earlier than v8.4.0-00\nHitachi Automation Director (HAD) for Windows and Linux v8.1.1-00 to earlier\nthan 8.4.0-00\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-5255 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has released the following software updates to resolve the vulnerability\nin HP XP7 Command View Advanced Edition Suite and HP XP P9000 Command View\nAdvanced Edition:\n\n - HP Device Manager Software v8.4.0-00\n - Hitachi Automation Director (HAD) for Windows and Linux v8.4.0-00\n\nHISTORY\nVersion:1 (rev.1) - 6 April 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. 
\n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. 
\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBAgAGBQJXBUdsAAoJEGIGBBYqRO9/QR0H/1n7MvC34yG/bAynnPVOwwun\nd7+PjDWg6S3zm0X3TTODxNw5XvKtSPW5gsj+ugdkj0MnooGP+ETOLkJgKro6xx+c\nFvVQChknCB03/Ul+ZED4RXG4XxPAXfrEYisGQ8DogqT8szAEGvkq4AA/aStXYOjT\nF+yAEJPTMsNZkAeyzWsvJnqxQ7/7BUESJrV5akJvjs7BvArGFWn8FPDjAJuyHGoM\nD7UD7HLutYaR25TIaqLaVoNokgMq6wLXzLntxM5cB3X98ThYEI23M3XNmxfbhXKQ\nQ8rAsVpXeGMgObS/nURFMSSPNU7boGZFtSU9mZQilb59V4Xko5wsauUKjP4r8Dk=\n=xRCI\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2015-5255" }, { "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "db": "BID", "id": "77626" }, { "db": "PACKETSTORM", "id": "136600" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-5255", "trust": 2.8 }, { "db": "BID", "id": "77626", "trust": 1.9 }, { "db": "SECTRACK", "id": "1034210", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "134506", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2015-005981", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201511-298", "trust": 0.6 }, { "db": "HITACHI", "id": "HS16-005", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "136600", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "77626" }, { "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "db": "PACKETSTORM", "id": "136600" }, { "db": "CNNVD", "id": "CNNVD-201511-298" }, { "db": "NVD", "id": "CVE-2015-5255" } ] }, "id": "VAR-201511-0308", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.18666667 }, "last_update_date": "2024-11-23T21:42:02.347000Z", "patch": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB15-29", "trust": 0.8, "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "title": "APSB15-30", "trust": 0.8, "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "title": "APSB15-29", "trust": 0.8, "url": "https://helpx.adobe.com/jp/security/products/coldfusion/apsb15-29.html" }, { "title": "APSB15-30", "trust": 0.8, "url": "https://helpx.adobe.com/jp/security/products/livecycleds/apsb15-30.html" }, { "title": "HS16-007", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-007/index.html" }, { "title": "HS16-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-009/index.html" }, { "title": "HS16-005", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-005/index.html" }, { "title": "HS16-007", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-007/index.html" }, { "title": "HS16-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-009/index.html" }, { "title": "HS16-005", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-005/index.html" }, { "title": "Adobe ColdFusion and LiveCycle Data Services BlazeDS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58782" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "db": "CNNVD", "id": "CNNVD-201511-298" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 
1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "db": "NVD", "id": "CVE-2015-5255" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" }, { "trust": 1.9, "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" }, { "trust": 1.9, "url": "http://www.vmware.com/security/advisories/vmsa-2015-0008.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/77626" }, { "trust": 1.6, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073670" }, { "trust": 1.6, "url": "http://packetstormsecurity.com/files/134506/apache-flex-blazeds-4.7.1-ssrf.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1034210" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=145996963420108\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5255" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5255" }, { "trust": 0.3, "url": "http://www.adobe.com/products/coldfusion/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://www.adobe.com/devnet/livecycle/dataservices.html" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/nov/118" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05073670" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs16-005/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5255" }, { "trust": 0.1, "url": 
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" } ], "sources": [ { "db": "BID", "id": "77626" }, { "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "db": "PACKETSTORM", "id": "136600" }, { "db": "CNNVD", "id": "CNNVD-201511-298" }, { "db": "NVD", "id": "CVE-2015-5255" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "77626" }, { "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "db": "PACKETSTORM", "id": "136600" }, { "db": "CNNVD", "id": "CNNVD-201511-298" }, { "db": "NVD", "id": "CVE-2015-5255" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-11-17T00:00:00", "db": "BID", "id": "77626" }, { "date": "2015-11-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "date": "2016-04-07T01:07:53", "db": "PACKETSTORM", "id": "136600" }, { "date": "2015-11-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201511-298" }, { "date": "2015-11-18T21:59:00.130000", "db": "NVD", "id": "CVE-2015-5255" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-05T22:03:00", "db": "BID", "id": "77626" }, { "date": "2016-03-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005981" }, { "date": "2020-10-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201511-298" }, { "date": "2024-11-21T02:32:39.473000", "db": "NVD", "id": "CVE-2015-5255" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": 
"CNNVD", "id": "CNNVD-201511-298" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe ColdFusion and LiveCycle Data Services Used in Adobe BlazeDS In HTTP Vulnerability in sending traffic to intranet servers", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005981" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201511-298" } ], "trust": 0.6 } }
var-201508-0177
Vulnerability from variot
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AMF protocol. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the fmserver user. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. However, the expanded entity content is not automatically transferred back to the client, but could be made available by the application. ------------------------------------------------------------------------ VMware Security Advisory
Advisory ID: VMSA-2015-0008 Synopsis: VMware product updates address information disclosure issue
Issue date: 2015-11-18 Updated on: 2015-11-18 CVE number: CVE-2015-3269
- Summary
VMware product updates address information disclosure issue.
- Relevant Releases
VMware vCenter Server 5.5 prior to version 5.5 update 3 VMware vCenter Server 5.1 prior to version 5.1 update u3b VMware vCenter Server 5.0 prior to version 5.0 update u3e
vCloud Director 5.6 prior to version 5.6.4 vCloud Director 5.5 prior to version 5.5.3
VMware Horizon View 6.0 prior to version 6.1 VMware Horizon View 5.0 prior to version 5.3.4
- Problem Description
a. vCenter Server, vCloud Director, Horizon View information disclosure issue. A specially crafted XML request sent to the server could lead to unintended information being disclosed.
VMware would like to thank Matthias Kaiser of Code White GmbH for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-3269 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 6.0 any not affected
vCenter Server 5.5 any 5.5 update 3
vCenter Server 5.1 any 5.1 update u3b
vCenter Server 5.0 any 5.5 update u3e (sic; the Relevant Releases section above gives 5.0 update u3e for vCenter Server 5.0)
vCloud Director 5.6 any 5.6.4
vCloud Director 5.5 any 5.5.3
Horizon View 6.0 any 6.1
Horizon View 5.3 any 5.3.4
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Server
Downloads and Documentation: https://www.vmware.com/go/download-vsphere
vCloud Director For Service Providers
Downloads and Documentation: https://www.vmware.com/support/pubs/vcd_pubs.html
Horizon View 6.1, 5.3.4:
Downloads: https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-610-GA&productId=492 https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-534-PREMIER&productId=396
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3269
- Change log
2015-11-18 VMSA-2015-0008 Initial security advisory
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05026202 Version: 2
HPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex BlazeDS, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-03-03 Last Updated: 2016-03-03
Potential Security Impact: Remote Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A security vulnerability in Apache Flex BlazeDS was addressed by HP Operations Manager i (OMi) and Business Service Manager (BSM).
Note : OMi v10.10 is NOT affected by this vulnerability.
References:
CVE-2015-3269 SSRT102232
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Operations Manager i v10.0, v10.01 Business Service Manager v9.x to v9.26
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-3269 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett Packard Enterprise Company thanks Nicholas Miles from Tenable Network Security for reporting this issue to security-alert@hpe.com
RESOLUTION
HPE has made the following mitigation information available to resolve the vulnerability for the impacted versions of Operations Manager i and Business Service Manager:
For OMi 10.0 update to OMi 10.0 IP3 or above. The OMi 10.0 IP3 patches can be found here:
For Windows: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/OMI_00122?lang=en&cc=us&hpappid=202392_OSP_PRO_HPE
For Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/OMI_00123?lang=en&cc=us&hpappid=202392_OSP_PRO_HPE
For OMi 10.01 update to OMi 10.01 IP2 or above. The OMi 10.01 IP2 patches can be found here:
For Windows: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/OMI_00120
For Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/OMI_00121
OMi 10.10 is NOT affected by this vulnerability.
For BSM 9.x to 9.25, update to BSM 9.25 IP2 or above.
For Windows: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/BAC_00899
For Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/BAC_00896
For BSM 9.26 please contact HPE Technical Support.
HISTORY Version:1 (rev.1) - 3 March 2016 Initial release Version:2 (rev.2) - 3 March 2016 Added acknowledgment section
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJW2GZoAAoJEGIGBBYqRO9/g7wIAIuGN+IoM69sf1dzu0wROFfj fDKMymKIsUz975nC1VoPm+70FiBRNKwuL73uqA7Gkrhnv1ldxeBjsX058FR3q5ZE mhlhfp86BMKJMtuWI3nTVo25gQM4PVaB6GuS52PrROhwcNRKnGy6K1OlYPEtFXiy OC6YNBwBBbvookB6bPkziPzvdc85zTU8Pc7YDZQoO14vw/k1PDBaFSHs7QnLlrAw 2cZADbYL9QIDWjIO/QVHo8iwYkjpxRmBzK6qXg/Ys1vij6/RYLqMtk5fxxMRlkfS 0oiFiUS8zVf+QASHRAuj4KXeCOCi66UEAgewkDa15GyByubl8WQRg7ovw1fHGUA= =4Dvo -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0177", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "livecycle data services", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "3.0" }, { "model": "livecycle data services", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "4.7" }, { "model": "livecycle data services", "scope": "eq", 
"trust": 1.9, "vendor": "adobe", "version": "4.5" }, { "model": "livecycle data services", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "4.6" }, { "model": "business service management", "scope": "lte", "trust": 1.0, "vendor": "hp", "version": "9.26" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "adobe", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "atlassian", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3.0.0.354170" }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "4.6.2" }, { "model": "jp1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/automatic operation", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "job management partner 1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - manager" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.5.1.354169" }, { "model": "it operations director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "compute systems manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software ( domestic version )" }, { "model": "jp1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - manager" }, { "model": "job management partner 1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "3.0.x" }, { "model": "compute systems manager", "scope": "eq", "trust": 0.8, "vendor": 
"hitachi", "version": "software ( overseas edition )" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.7.0.354169" }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "4.7" }, { "model": "automation director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "job management partner", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "1/automatic operation" }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.6.2.354169" }, { "model": "livecycle data services", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "4.5" }, { "model": "nexus dashboard fabric controller", "scope": null, "trust": 0.7, "vendor": "cisco", "version": null }, { "model": "vcloud director", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "vcloud director", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.6" }, { "model": "vcenter server update1", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "vcenter server update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.52" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "vcenter server update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.13" }, { "model": "vcenter server update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.11" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "vcenter server update2", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "vcenter server update u3b", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "vcenter 
server update 3c", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "vcenter server update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "horizon view", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.3.1" }, { "model": "horizon view", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0" }, { "model": "horizon view", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.3" }, { "model": "operations manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.01" }, { "model": "operations manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.00" }, { "model": "business service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.26" }, { "model": "business service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.20" }, { "model": "business service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.10" }, { "model": "jp1/automatic operation", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-02" }, { "model": "jp1/automatic operation", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-01" }, { "model": "jp1/automatic operation", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-00-02" }, { "model": "jp1/automatic operation", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-00" }, { "model": "job management partner 1/automatic operation", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-50" }, { "model": "job management partner 1/automatic operation", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-10-01" }, { "model": "job management partner 1/automatic operation", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-00-03" }, { "model": "job management partner 1/automatic 
operation", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-00-02" }, { "model": "flex blazeds", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.7" }, { "model": "flex blazeds", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.6.0.23207" }, { "model": "livecycle data services", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "4.6.2" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "115" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "114" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "113" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "112" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "111" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.08" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.04" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.03" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.02" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.01" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "109" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "106" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "105" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1016" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1015" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": 
"1014" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1013" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1012" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1011" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "1010" }, { "model": "coldfusion update", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "101" }, { "model": "coldfusion", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "vcloud director", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.6.4" }, { "model": "vcloud director", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.5.3" }, { "model": "vcenter server update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.53" }, { "model": "vcenter server update u3b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "vcenter server update u3e", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "horizon view", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.3.4" }, { "model": "horizon view", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "6.1" }, { "model": "jp1/automatic operation", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "11-00-01" }, { "model": "flex blazeds", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "4.7.1" }, { "model": "livecycle data services", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "6.2.354169" }, { "model": "livecycle data services", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "4.7.0.3541694" }, { "model": "livecycle data services", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "4.5.1.354169" }, { "model": "livecycle data services", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "3.0.0.354170" }, { 
"model": "coldfusion update", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "116" }, { "model": "coldfusion update", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "1017" } ], "sources": [ { "db": "CERT/CC", "id": "VU#307983" }, { "db": "ZDI", "id": "ZDI-22-508" }, { "db": "BID", "id": "76394" }, { "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "db": "CNNVD", "id": "CNNVD-201508-438" }, { "db": "NVD", "id": "CVE-2015-3269" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:livecycle_data_services", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:automation_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:compute_systems_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_operation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_it_desktop_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004431" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "kpc", "sources": [ { "db": 
"ZDI", "id": "ZDI-22-508" }, { "db": "CNNVD", "id": "CNNVD-201508-438" } ], "trust": 1.3 }, "cve": "CVE-2015-3269", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2015-3269", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "availabilityRequirement": "MEDIUM", "baseScore": 4.3, "collateralDamagePotential": "LOW-MEDIUM", "confidentialityImpact": "PARTIAL", "confidentialityRequirement": "MEDIUM", "enviromentalScore": 1.4, "exploitability": "PROOF-OF-CONCEPT", "exploitabilityScore": 3.1, "id": "CVE-2016-2340", "impactScore": 6.4, "integrityImpact": "PARTIAL", "integrityRequirement": "MEDIUM", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "NOT DEFINED", "reportConfidence": "UNCOFIRMED", "severity": "MEDIUM", "targetDistribution": "LOW", "trust": 0.8, "userInteractionRequired": null, "vector_string": 
"AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2015-3269", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-3269", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-2340", "trust": 0.8, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-3269", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2015-3269", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201508-438", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#279472" }, { "db": "ZDI", "id": "ZDI-22-508" }, { "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "db": "CNNVD", "id": "CNNVD-201508-438" }, { "db": "NVD", "id": "CVE-2015-3269" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Nexus Dashboard Fabric Controller. 
Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the AMF protocol. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the fmserver user. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks. \nHowever this expanded information is not automatically transferred back to\nthe client, but could be made available by the application. ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2015-0008\nSynopsis: VMware product updates address information disclosure\n issue\n\nIssue date: 2015-11-18\nUpdated on: 2015-11-18\nCVE number: CVE-2015-3269\n------------------------------------------------------------------------\n\n1. Summary\n\n VMware product updates address information disclosure issue. \n\n\n2. Relevant Releases\n\n VMware vCenter Server 5.5 prior to version 5.5 update 3\n VMware vCenter Server 5.1 prior to version 5.1 update u3b\n VMware vCenter Server 5.0 prior to version 5.0 update u3e\n\n vCloud Director 5.6 prior to version 5.6.4\n vCloud Director 5.5 prior to version 5.5.3\n\n VMware Horizon View 6.0 prior to version 6.1\n VMware Horizon View 5.0 prior to version 5.3.4\n\n\n\n3. Problem Description\n\n a. vCenter Server, vCloud Director, Horizon View information\n disclosure issue. A specially\n crafted XML request sent to the server could lead to unintended\n information be disclosed. \n\n VMware would like to thank Matthias Kaiser of Code White GmbH for\n reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2015-3269 to this issue. 
\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product\t Running Replace with/\n Product Version\t on Apply Patch\n =============\t=======\t ======= =================\n vCenter Server 6.0 any not affected\n vCenter Server 5.5 any 5.5 update 3\n vCenter Server 5.1 any 5.1 update u3b\n vCenter Server 5.0 any 5.5 update u3e\n\n vCloud Director 5.6 any 5.6.4\n vCloud Director 5.5 any 5.5.3\n\n Horizon View 6.0 any 6.1\n Horizon View 5.3 any 5.3.4\n\n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the checksum of your downloaded file. \n\n\n vCenter Server\n --------------------------------\n Downloads and Documentation:\n https://www.vmware.com/go/download-vsphere\n\n vCloud Director For Service Providers\n --------------------------------\n Downloads and Documentation:\n https://www.vmware.com/support/pubs/vcd_pubs.html\n\n Horizon View 6.1, 5.3.4:\n --------------------------------\n Downloads:\n https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-610-GA\u0026productId=492\n https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-534-PREMIER\u0026productId=396\n\n\n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3269\n\n------------------------------------------------------------------------\n\n6. Change log\n\n 2015-11-18 VMSA-2015-0008\n Initial security advisory\n\n------------------------------------------------------------------------\n\n7. 
Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n Consolidated list of VMware Security Advisories\n http://kb.vmware.com/kb/2078735\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n\n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2015 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05026202\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05026202\nVersion: 2\n\nHPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex\nBlazeDS, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-03-03\nLast Updated: 2016-03-03\n\nPotential Security Impact: Remote Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in Apache Flex BlazeDS was addressed by HP\nOperations Manager i (OMi) and Business Service Manager (BSM). \n\nNote : OMi v10.10 is NOT affected by this vulnerability. \n\nReferences:\n\nCVE-2015-3269\nSSRT102232\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
\n\nOperations Manager i v10.0, v10.01\nBusiness Service Manager v9.x to v9.26\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-3269 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nThe Hewlett Packard Enterprise Company thanks Nicholas Miles from Tenable\nNetwork Security for reporting this issue to security-alert@hpe.com\n\nRESOLUTION\n\nHPE has made the following mitigation information available to resolve the\nvulnerability for the impacted versions of Operations Manager i and Business\nService Manager:\n\nFor OMi 10.0 update to OMi 10.0 IP3 or above. \nThe OMi 10.0 IP3 patches can be found here:\n\nFor Windows: https://softwaresupport.hp.com/group/softwaresupport/search-resu\nlt/-/facetsearch/document/LID/OMI_00122?lang=en\u0026cc=us\u0026hpappid=202392_OSP_PRO_\nHPE\n\nFor Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result\n/-/facetsearch/document/LID/OMI_00123?lang=en\u0026cc=us\u0026hpappid=202392_OSP_PRO_HP\nE\n\nFor OMi 10.01 update to OMi 10.01 IP2 or above. \nThe OMi 10.01 IP2 patches can be found here:\n\nFor Windows: https://softwaresupport.hp.com/group/softwaresupport/search-resu\nlt/-/facetsearch/document/LID/OMI_00120\n\nFor Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result\n/-/facetsearch/document/LID/OMI_00121\n\nOMi 10.10 is NOT affected by this vulnerability. \n\nFor BSM 9.x to 9.25, update to BSM 9.25 IP2 or above. \n\nFor Windows: https://softwaresupport.hp.com/group/softwaresupport/search-resu\nlt/-/facetsearch/document/LID/BAC_00899\n\nFor Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result\n/-/facetsearch/document/LID/BAC_00896\n\nFor BSM 9.26 please contact HPE Technical Support. 
\n\nHISTORY\nVersion:1 (rev.1) - 3 March 2016 Initial release\nVersion:2 (rev.2) - 3 March 2016 Added acknowledgment section\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. 
The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBAgAGBQJW2GZoAAoJEGIGBBYqRO9/g7wIAIuGN+IoM69sf1dzu0wROFfj\nfDKMymKIsUz975nC1VoPm+70FiBRNKwuL73uqA7Gkrhnv1ldxeBjsX058FR3q5ZE\nmhlhfp86BMKJMtuWI3nTVo25gQM4PVaB6GuS52PrROhwcNRKnGy6K1OlYPEtFXiy\nOC6YNBwBBbvookB6bPkziPzvdc85zTU8Pc7YDZQoO14vw/k1PDBaFSHs7QnLlrAw\n2cZADbYL9QIDWjIO/QVHo8iwYkjpxRmBzK6qXg/Ys1vij6/RYLqMtk5fxxMRlkfS\n0oiFiUS8zVf+QASHRAuj4KXeCOCi66UEAgewkDa15GyByubl8WQRg7ovw1fHGUA=\n=4Dvo\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2015-3269" }, { "db": "CERT/CC", "id": "VU#307983" }, { "db": "CERT/CC", "id": "VU#279472" }, { "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "db": "ZDI", "id": "ZDI-22-508" }, { "db": "BID", "id": "76394" }, { "db": "PACKETSTORM", "id": "133250" }, { "db": "PACKETSTORM", "id": "134439" }, { "db": "PACKETSTORM", "id": "136084" } ], "trust": 4.23 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/279472", "trust": 0.8, "type": "poc" } ], "sources": [ { "db": "CERT/CC", "id": "VU#279472" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3269", "trust": 4.5 }, { "db": "ZDI", "id": "ZDI-22-508", "trust": 2.3 }, { "db": "BID", 
"id": "76394", "trust": 1.9 }, { "db": "CERT/CC", "id": "VU#279472", "trust": 1.6 }, { "db": "SECTRACK", "id": "1033337", "trust": 1.6 }, { "db": "CERT/CC", "id": "VU#307983", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2015-004431", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15192", "trust": 0.7 }, { "db": "NSFOCUS", "id": "46622", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201508-438", "trust": 0.6 }, { "db": "HITACHI", "id": "HS16-005", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "133250", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134439", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136084", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#307983" }, { "db": "CERT/CC", "id": "VU#279472" }, { "db": "ZDI", "id": "ZDI-22-508" }, { "db": "BID", "id": "76394" }, { "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "db": "PACKETSTORM", "id": "133250" }, { "db": "PACKETSTORM", "id": "134439" }, { "db": "PACKETSTORM", "id": "136084" }, { "db": "CNNVD", "id": "CNNVD-201508-438" }, { "db": "NVD", "id": "CVE-2015-3269" } ] }, "id": "VAR-201508-0177", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.18666667 }, "last_update_date": "2024-11-23T21:42:02.694000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB15-20", "trust": 0.8, "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html" }, { "title": "APSB15-20", "trust": 0.8, "url": "https://helpx.adobe.com/jp/security/products/livecycleds/apsb15-20.html" }, { "title": "HS16-009", "trust": 0.8, "url": 
"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-009/index.html" }, { "title": "HS16-005", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-005/index.html" }, { "title": "HS15-028", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-028/index.html" }, { "title": "HS16-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-009/index.html" }, { "title": "HS16-005", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-005/index.html" }, { "title": "HS15-028", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-028/index.html" }, { "title": "LCDS_4.6.2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57450" }, { "title": "LCDS_4.5.1", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57449" }, { "title": "LCDS_3.1.0", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57448" }, { "title": "LCDS_3.0.0", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57447" }, { "title": "LCDS_4.7.0", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57451" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "db": "CNNVD", "id": "CNNVD-201508-438" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "db": "NVD", "id": "CVE-2015-3269" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, 
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-508/" }, { "trust": 1.9, "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-20.html" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1033337" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/536266/100/0/threaded" }, { "trust": 1.6, "url": "http://www.vmware.com/security/advisories/vmsa-2015-0008.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=145706712500978\u0026w=2" }, { "trust": 1.6, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05026202" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/76394" }, { "trust": 1.6, "url": "https://helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3269" }, { "trust": 0.8, "url": "http://codewhitesec.blogspot.com/2017/04/amf.html" }, { "trust": 0.8, "url": "http://openjdk.java.net/jeps/290" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/279472" }, { "trust": 0.8, "url": "http://www.adobe.com/go/amfspec" }, { "trust": 0.8, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.8, "url": "https://cwe.mitre.org/data/definitions/913.html" }, { "trust": 0.8, "url": "https://cwe.mitre.org/data/definitions/611.html" }, { "trust": 0.8, "url": "https://flex.apache.org/download-blazeds.html" }, { "trust": 0.8, "url": "https://www.vmware.com/security/advisories/vmsa-2017-0007.html" }, { "trust": 0.8, "url": "http://codewhitesec.blogspot.com/2015/08/cve-2015-3269-apache-flex-blazeds-xxe.html" }, { "trust": 0.8, "url": "https://www.owasp.org/index.php/xml_external_entity_%28xxe%29_processing" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/archive/1/archive/1/536266/100/0/threaded" }, { "trust": 0.6, "url": 
"http://www.nsfocus.net/vulndb/46622" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://www.adobe.com/devnet/livecycle/dataservices.html" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2015/q3/394" }, { "trust": 0.3, "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-21.html" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05026202" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs16-005/index.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2015-0008" }, { "trust": 0.3, "url": "http://www.kb.cert.org/vuls/id/307983" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3269" }, { "trust": 0.1, "url": "https://www.owasp.org/index.php/xml_external_entity_(xxe)_processing" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "https://my.vmware.com/web/vmware/details?downloadgroup=view-534-premier\u0026productid=396" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "https://www.vmware.com/go/download-vsphere" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2078735" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "https://www.vmware.com/support/pubs/vcd_pubs.html" }, { "trust": 0.1, "url": "https://my.vmware.com/web/vmware/details?downloadgroup=view-610-ga\u0026productid=492" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "https://softwaresupport.hp.com/group/softwaresupport/search-resu" }, { "trust": 0.1, "url": 
"http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result" } ], "sources": [ { "db": "CERT/CC", "id": "VU#307983" }, { "db": "CERT/CC", "id": "VU#279472" }, { "db": "BID", "id": "76394" }, { "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "db": "PACKETSTORM", "id": "133250" }, { "db": "PACKETSTORM", "id": "134439" }, { "db": "PACKETSTORM", "id": "136084" }, { "db": "CNNVD", "id": "CNNVD-201508-438" }, { "db": "NVD", "id": "CVE-2015-3269" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#307983" }, { "db": "CERT/CC", "id": "VU#279472" }, { "db": "ZDI", "id": "ZDI-22-508" }, { "db": "BID", "id": "76394" }, { "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "db": "PACKETSTORM", "id": "133250" }, { "db": "PACKETSTORM", "id": "134439" }, { "db": "PACKETSTORM", "id": "136084" }, { "db": "CNNVD", "id": "CNNVD-201508-438" }, { "db": "NVD", "id": "CVE-2015-3269" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-04-04T00:00:00", "db": "CERT/CC", "id": "VU#307983" }, { "date": "2016-03-24T00:00:00", "db": "CERT/CC", "id": "VU#279472" }, { "date": "2022-03-11T00:00:00", "db": "ZDI", "id": "ZDI-22-508" }, { "date": "2015-08-18T00:00:00", "db": "BID", "id": "76394" }, { "date": "2015-08-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "date": "2015-08-22T13:33:33", "db": "PACKETSTORM", "id": "133250" }, { "date": "2015-11-19T14:15:30", "db": "PACKETSTORM", "id": "134439" }, { "date": "2016-03-04T16:03:09", "db": "PACKETSTORM", "id": "136084" }, { "date": "2015-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201508-438" }, { "date": "2015-08-25T01:59:00.087000", "db": "NVD", "id": 
"CVE-2015-3269" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-04-14T00:00:00", "db": "CERT/CC", "id": "VU#307983" }, { "date": "2016-03-24T00:00:00", "db": "CERT/CC", "id": "VU#279472" }, { "date": "2022-03-11T00:00:00", "db": "ZDI", "id": "ZDI-22-508" }, { "date": "2017-04-11T01:03:00", "db": "BID", "id": "76394" }, { "date": "2016-03-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-004431" }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201508-438" }, { "date": "2024-11-21T02:29:02.500000", "db": "NVD", "id": "CVE-2015-3269" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201508-438" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references", "sources": [ { "db": "CERT/CC", "id": "VU#307983" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201508-438" } ], "trust": 0.6 } }