CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4942
https://notcve.org/view.php?id=CVE-2018-4942
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de procesamiento inseguro de entidades externas XML. Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4941
https://notcve.org/view.php?id=CVE-2018-4941
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2018-4940
https://notcve.org/view.php?id=CVE-2018-4940
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2017-11286
https://notcve.org/view.php?id=CVE-2017-11286
Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. Adobe ColdFusion tiene una vulnerabilidad de inyección de XEE (XML External Entity). Esto afecta al Update 4 y a versiones anteriores para ColdFusion 2016 y al Update 12 y versiones anteriores para ColdFusion 11. • http://www.securityfocus.com/bid/100715 http://www.securitytracker.com/id/1039321 https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 51%CPEs: 18EXPL: 0CVE-2017-11284
https://notcve.org/view.php?id=CVE-2017-11284
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. Adobe ColdFusion tiene una vulnerabilidad de deserialización de datos no fiables. Esto afecta al Update 4 y a versiones anteriores para ColdFusion 2016 y al Update 12 y versiones anteriores para ColdFusion 11. • http://www.securityfocus.com/bid/100708 http://www.securitytracker.com/id/1039321 https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html • CWE-502: Deserialization of Untrusted Data •