CVE-2013-0625
Adobe ColdFusion Authentication Bypass Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Adobe ColdFusion v9.0, v9.0.1, v9.0.2 y v10, cuando una contraseña no está configurada, permite a atacantes remotos evitar la autenticación y posiblemente ejecutar código arbitrario a través de vectores no especificados, como se explotó en enero de 2013.
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-18 CVE Reserved
- 2013-01-09 CVE Published
- 2013-04-10 First Exploit
- 2022-03-07 Exploited in Wild
- 2022-09-07 KEV Due Date
- 2025-02-04 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-255: Credentials Management Errors
- CWE-287: Improper Authentication
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.adobe.com/support/security/bulletins/apsb13-03.html | X_refsource_confirm | |
| http://www.securityfocus.com/bid/57164 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/24946 | 2013-04-10 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.adobe.com/support/security/advisories/apsa13-01.html | 2013-01-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 9.0 Search vendor "Adobe" for product "Coldfusion" and version "9.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 9.0.1 Search vendor "Adobe" for product "Coldfusion" and version "9.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 9.0.2 Search vendor "Adobe" for product "Coldfusion" and version "9.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 10.0 Search vendor "Adobe" for product "Coldfusion" and version "10.0" | - |
Affected
| ||||||