9.8
CVE-2013-0625
- EPSS 93.8%
- Veröffentlicht 09.01.2013 01:55:00
- Zuletzt bearbeitet 16.06.2026 23:49:47
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Coldfusion Version9.0
Adobe ≫ Coldfusion Version9.0.1
07.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe ColdFusion Authentication Bypass Vulnerability
SchwachstelleAdobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.8% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.securityfocus.com/bid/57164
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0625