CVSS: 9.8EPSS: 96%CPEs: 22EXPL: 3CVE-2023-26360 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution. • https://github.com/yosef0x01/CVE-2023-26360 https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html https://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360/rapid7-analysis • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 71%CPEs: 22EXPL: 0CVE-2023-26359 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-26359
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. • https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-42341 – Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read
https://notcve.org/view.php?id=CVE-2022-42341
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de restricción inapropiada de tipo XML External Entity Reference ("XXE") que podría resultar en una lectura arbitraria del sistema de archivos. No es requerida una interacción del usuario para la explotación de este problema • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-42340 – Adobe ColdFusion Improper Input Validation Arbitrary file system read
https://notcve.org/view.php?id=CVE-2022-42340
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Comprobación de Entrada Inapropiada que podría resultar en una lectura arbitraria del sistema de archivos. No es requerida una interacción del usuario para la explotación de este problema • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-35710 – Adobe ColdFusion ODBC Server Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35710
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en la región Stack de la memoria que podría resultar en una ejecución de código arbitrario en el contexto del usuario actual. No es requerida una interacción del usuario para la explotación de este problema, la vulnerabilidad es desencadenada cuando es enviado un paquete de red diseñado al servidor This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •