CVSS: 10.0EPSS: 96%CPEs: 20EXPL: 0CVE-2018-4939 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2018-4939
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de deserialización de datos no fiables. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4942
https://notcve.org/view.php?id=CVE-2018-4942
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de procesamiento inseguro de entidades externas XML. Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4941
https://notcve.org/view.php?id=CVE-2018-4941
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4940
https://notcve.org/view.php?id=CVE-2018-4940
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2017-11286
https://notcve.org/view.php?id=CVE-2017-11286
Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. Adobe ColdFusion tiene una vulnerabilidad de inyección de XEE (XML External Entity). Esto afecta al Update 4 y a versiones anteriores para ColdFusion 2016 y al Update 12 y versiones anteriores para ColdFusion 11. • http://www.securityfocus.com/bid/100715 http://www.securitytracker.com/id/1039321 https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html • CWE-611: Improper Restriction of XML External Entity Reference •