9.8

CVE-2013-0625

Warnung
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeColdfusion Version9.0
   ApplemacOS X Version-
   MicrosoftWindows Version-
   OpengroupUnix Version-
AdobeColdfusion Version9.0.1
   ApplemacOS X Version-
   MicrosoftWindows Version-
   OpengroupUnix Version-
AdobeColdfusion Version9.0.2
   ApplemacOS X Version-
   MicrosoftWindows Version-
   OpengroupUnix Version-

07.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe ColdFusion Authentication Bypass Vulnerability

Schwachstelle

Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 86.56% 0.993
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/57164
Third Party Advisory
Broken Link
VDB Entry