Page 3 of 14 results (0.011 seconds)

CVSS: 9.8EPSS: 96%CPEs: 28EXPL: 0

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 96%CPEs: 25EXPL: 0

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 7.5EPSS: 96%CPEs: 25EXPL: 0

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-284: Improper Access Control •