CVE-2022-38420
Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.
Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Uso de Credenciales Embebidas que podría resultar en una denegación de servicio de la aplicación al conseguir acceso para iniciar/detener servicios arbitrarios. No es requerida una interacción del usuario para la explotación de este problema
This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Admin Component service. The service uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system.
*Credits:
rgod
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-18 CVE Reserved
- 2022-10-14 CVE Published
- 2024-05-03 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html | 2022-10-20 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update1 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update10 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update11 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update12 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update13 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update14 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update2 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update3 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update4 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update5 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update6 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update7 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update8 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2018 Search vendor "Adobe" for product "Coldfusion" and version "2018" | update9 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2021 Search vendor "Adobe" for product "Coldfusion" and version "2021" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2021 Search vendor "Adobe" for product "Coldfusion" and version "2021" | update1 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2021 Search vendor "Adobe" for product "Coldfusion" and version "2021" | update2 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2021 Search vendor "Adobe" for product "Coldfusion" and version "2021" | update3 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Coldfusion Search vendor "Adobe" for product "Coldfusion" | 2021 Search vendor "Adobe" for product "Coldfusion" and version "2021" | update4 |
Affected
| ||||||