CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41874 – ColdFusion | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2024-41874
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction. Las versiones 2023.9, 2021.15 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de deserialización de datos no confiables que podría provocar la ejecución de código arbitrario en el contexto del usuario actual. Un atacante podría aprovechar esta vulnerabilidad proporcionando una entrada manipulada a la aplicación que, cuando se deserialice, provoque la ejecución de código malicioso. • https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45113 – ColdFusion | Improper Authentication (CWE-287)
https://notcve.org/view.php?id=CVE-2024-45113
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction. Las versiones 2023.6, 2021.12 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de autenticación incorrecta que podría provocar una escalada de privilegios. Un atacante podría aprovechar esta vulnerabilidad para obtener acceso no autorizado y afectar la integridad de la aplicación. • https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34112 – ColdFusion CFDOCUMENT file retrieval / access control bypass
https://notcve.org/view.php?id=CVE-2024-34112
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction. Las versiones 2023u7, 2021u13 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podría provocar una lectura arbitraria del sistema de archivos. Un atacante podría aprovechar esta vulnerabilidad para obtener acceso no autorizado a archivos o datos confidenciales. • https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html • CWE-284: Improper Access Control •
CVSS: 6.2EPSS: 0%CPEs: 20EXPL: 0CVE-2024-34113 – ColdFusion | Weak Cryptography for Passwords (CWE-261)
https://notcve.org/view.php?id=CVE-2024-34113
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. Las versiones 2023u7, 2021u13 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de criptografía débil para contraseñas que podría provocar una omisión de la función de seguridad. • https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength •
CVSS: 8.2EPSS: 9%CPEs: 1EXPL: 4CVE-2024-20767 – Coldfusion 2023/2021 Pre-Auth monitor uuid leak lead to arbitrary file read/write
https://notcve.org/view.php?id=CVE-2024-20767
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction. Las versiones 2023.6, 2021.12 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podría provocar una lectura arbitraria del sistema de archivos. Un atacante podría aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado a archivos confidenciales y realizar escrituras arbitrarias en el sistema de archivos. • https://github.com/yoryio/CVE-2024-20767 https://github.com/Chocapikk/CVE-2024-20767 https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion https://github.com/m-cetin/CVE-2024-20767 https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html • CWE-284: Improper Access Control •