Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Coldfusion
APPAdobe9.09.0.19.0.2Apple Mac Os X
OSApplewszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeOpengroup Unix
OSOpengroupwszystkie wersje
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- ColdFusion
- Added to KEVi
- March 7, 2022
- Remediation deadline (US Federal)i
- September 7, 2022(overdue)
Apply updates per vendor instructions.
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit