CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-35711 – Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35711
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en la región Heap de la memoria que podría resultar en una ejecución de código arbitrario en el contexto del usuario actual. No es requerida una interacción del usuario para la explotación de este problema, la vulnerabilidad es desencadenada cuando es enviado un paquete de red diseñado al servidor This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-35712 – Adobe ColdFusion ODBC Agent Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35712
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en la región Heap de la memoria que podría resultar en una ejecución de código arbitrario en el contexto del usuario actual. No es requerida una interacción del usuario para la explotación de este problema, la vulnerabilidad es desencadenada cuando es enviado un paquete de red diseñado al servidor This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-38420 – Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service
https://notcve.org/view.php?id=CVE-2022-38420
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Uso de Credenciales Embebidas que podría resultar en una denegación de servicio de la aplicación al conseguir acceso para iniciar/detener servicios arbitrarios. No es requerida una interacción del usuario para la explotación de este problema This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Admin Component service. • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2022-38424 – Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write
https://notcve.org/view.php?id=CVE-2022-38424
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") que podría resultar en una escritura arbitraria en el sistema de archivos. No es requerida una interacción del usuario para la explotación de este problema, pero sí requiere privilegios de administrador This vulnerability allows remote attackers to disclose or delete sensitive files on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-35690 – Adobe ColdFusion ODBC Agent Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35690
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en la región Stack de la memoria que podría resultar en una ejecución de código arbitrario en el contexto del usuario actual. No es requerida una interacción del usuario para la explotación de este problema, la vulnerabilidad es desencadenada cuando es enviado un paquete de red diseñado al servidor This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of GIOP packets. • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •