CVSS: 7.4EPSS: 0%CPEs: 13EXPL: 0CVE-2021-40699 – ColdFusion CFIDE Improper Access Control Leads To Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-40699
07 Sep 2023 — ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. ColdFusion versión 2021 update 1 (y anteriores) y las versiones 2018.10 (y anteriores) se ven afectadas por una vulnerabilidad de control de acceso incorrecta al comprobar los permisos en la ruta CFIDE. Un at... • https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 13EXPL: 0CVE-2021-40698 – ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass
https://notcve.org/view.php?id=CVE-2021-40698
07 Sep 2023 — ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. ColdFusion versión 2021 update 1 (y anteriores) y las versiones 2018.10 (y anteriores) se ven afectadas por una vulnerabilidad de uso de funciones inherentemente peligrosas que puede provocar una... • https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html • CWE-242: Use of Inherently Dangerous Function •
CVSS: 10.0EPSS: 94%CPEs: 28EXPL: 0CVE-2023-38203 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-38203
20 Jul 2023 — Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 92%CPEs: 25EXPL: 0CVE-2023-29300 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-29300
12 Jul 2023 — Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29301 – Adobe ColdFusion Improper Restriction of Excessive Authentication Attempts Security feature bypass
https://notcve.org/view.php?id=CVE-2023-29301
12 Jul 2023 — Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 94%CPEs: 25EXPL: 0CVE-2023-29298 – Adobe ColdFusion Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2023-29298
12 Jul 2023 — Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 87%CPEs: 22EXPL: 0CVE-2023-26359 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-26359
23 Mar 2023 — Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. • https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 94%CPEs: 22EXPL: 7CVE-2023-26360 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-26360
23 Mar 2023 — Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote c... • https://packetstorm.news/files/id/177523 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 18%CPEs: 22EXPL: 0CVE-2023-26361 – Adobe ColdFusion Directory Traversal Arbitrary file system read Vulnerability
https://notcve.org/view.php?id=CVE-2023-26361
23 Mar 2023 — Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is required to explo... • https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 0CVE-2022-42341 – Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read
https://notcve.org/view.php?id=CVE-2022-42341
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de restricción inapropiada de tipo XML External Entity Reference ("XXE") que podría resultar en una lectura arbi... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-611: Improper Restriction of XML External Entity Reference •