CVSS: 9.8EPSS: 96%CPEs: 25EXPL: 0CVE-2023-29300 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-29300
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29301 – Adobe ColdFusion Improper Restriction of Excessive Authentication Attempts Security feature bypass
https://notcve.org/view.php?id=CVE-2023-29301
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.5EPSS: 96%CPEs: 25EXPL: 0CVE-2023-29298 – Adobe ColdFusion Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2023-29298
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 29EXPL: 0CVE-2021-21087 – ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser
https://notcve.org/view.php?id=CVE-2021-21087
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction. Las versiones de Adobe Coldfusion 2016 (actualización 16 y anteriores), 2018 (actualización 10 y anteriores) y 2021.0.0.323925 están afectadas por una vulnerabilidad de Neutralización inadecuada de la entrada durante la generación de la página web ('Cross-site Scripting'). Un atacante podría abusar de esta vulnerabilidad para ejecutar código JavaScript arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •