CVE-2013-0632
- EPSS 92.37%
- Published 17.01.2013 00:55:01
- Last modified 22.10.2025 01:15:47
- Source psirt@adobe.com
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
Data provided by the National Vulnerability Database (NVD)
Adobe ≫ Coldfusion Version 9.0
Adobe ≫ Coldfusion Version 9.0.1
Adobe ≫ Coldfusion Version 9.0.2
Adobe ≫ Coldfusion Version 10.0
03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Adobe ColdFusion Authentication Bypass Vulnerability
Description: An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
Required action: Apply updates per vendor instructions.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 92.37% | 0.997 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.