9.8

CVE-2016-1114

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeColdfusion Version10.0 Update-
AdobeColdfusion Version10.0 Updateupdate1
AdobeColdfusion Version10.0 Updateupdate10
AdobeColdfusion Version10.0 Updateupdate11
AdobeColdfusion Version10.0 Updateupdate12
AdobeColdfusion Version10.0 Updateupdate13
AdobeColdfusion Version10.0 Updateupdate14
AdobeColdfusion Version10.0 Updateupdate15
AdobeColdfusion Version10.0 Updateupdate16
AdobeColdfusion Version10.0 Updateupdate17
AdobeColdfusion Version10.0 Updateupdate18
AdobeColdfusion Version10.0 Updateupdate2
AdobeColdfusion Version10.0 Updateupdate3
AdobeColdfusion Version10.0 Updateupdate4
AdobeColdfusion Version10.0 Updateupdate5
AdobeColdfusion Version10.0 Updateupdate6
AdobeColdfusion Version10.0 Updateupdate7
AdobeColdfusion Version10.0 Updateupdate8
AdobeColdfusion Version10.0 Updateupdate9
AdobeColdfusion Version11.0 Update-
AdobeColdfusion Version11.0 Updateupdate1
AdobeColdfusion Version11.0 Updateupdate2
AdobeColdfusion Version11.0 Updateupdate3
AdobeColdfusion Version11.0 Updateupdate4
AdobeColdfusion Version11.0 Updateupdate5
AdobeColdfusion Version11.0 Updateupdate6
AdobeColdfusion Version11.0 Updateupdate7
AdobeColdfusion Version2016 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.34% 0.834
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.securityfocus.com/bid/90506
Third Party Advisory
VDB Entry