CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4938
https://notcve.org/view.php?id=CVE-2018-4938
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de carga de biblioteca no segura. Su explotación con éxito podría conducir al escalado de privilegios locales. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4941
https://notcve.org/view.php?id=CVE-2018-4941
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4942
https://notcve.org/view.php?id=CVE-2018-4942
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de procesamiento inseguro de entidades externas XML. Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4940
https://notcve.org/view.php?id=CVE-2018-4940
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 96%CPEs: 20EXPL: 0CVE-2018-4939 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2018-4939
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de deserialización de datos no fiables. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-502: Deserialization of Untrusted Data •