CVE-2017-3066

Warnung

Exploit

EPSS 93.36%
Veröffentlicht 27.04.2017 14:59:00
Zuletzt bearbeitet 22.10.2025 00:16:05
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version10.0 Update-

Adobe ≫ Coldfusion Version10.0 Updateupdate1

Adobe ≫ Coldfusion Version10.0 Updateupdate10

Adobe ≫ Coldfusion Version10.0 Updateupdate11

Adobe ≫ Coldfusion Version10.0 Updateupdate12

Adobe ≫ Coldfusion Version10.0 Updateupdate13

Adobe ≫ Coldfusion Version10.0 Updateupdate14

Adobe ≫ Coldfusion Version10.0 Updateupdate15

Adobe ≫ Coldfusion Version10.0 Updateupdate16

Adobe ≫ Coldfusion Version10.0 Updateupdate17

Adobe ≫ Coldfusion Version10.0 Updateupdate18

Adobe ≫ Coldfusion Version10.0 Updateupdate19

Adobe ≫ Coldfusion Version10.0 Updateupdate2

Adobe ≫ Coldfusion Version10.0 Updateupdate20

Adobe ≫ Coldfusion Version10.0 Updateupdate21

Adobe ≫ Coldfusion Version10.0 Updateupdate22

Adobe ≫ Coldfusion Version10.0 Updateupdate3

Adobe ≫ Coldfusion Version10.0 Updateupdate4

Adobe ≫ Coldfusion Version10.0 Updateupdate5

Adobe ≫ Coldfusion Version10.0 Updateupdate6

Adobe ≫ Coldfusion Version10.0 Updateupdate7

Adobe ≫ Coldfusion Version10.0 Updateupdate8

Adobe ≫ Coldfusion Version10.0 Updateupdate9

Adobe ≫ Coldfusion Version11.0 Update-

Adobe ≫ Coldfusion Version11.0 Updateupdate1

Adobe ≫ Coldfusion Version11.0 Updateupdate10

Adobe ≫ Coldfusion Version11.0 Updateupdate11

Adobe ≫ Coldfusion Version11.0 Updateupdate2

Adobe ≫ Coldfusion Version11.0 Updateupdate3

Adobe ≫ Coldfusion Version11.0 Updateupdate4

Adobe ≫ Coldfusion Version11.0 Updateupdate5

Adobe ≫ Coldfusion Version11.0 Updateupdate6

Adobe ≫ Coldfusion Version11.0 Updateupdate7

Adobe ≫ Coldfusion Version11.0 Updateupdate8

Adobe ≫ Coldfusion Version11.0 Updateupdate9

Adobe ≫ Coldfusion Version2016 Update-

Adobe ≫ Coldfusion Version2016 Updateupdate1

Adobe ≫ Coldfusion Version2016 Updateupdate2

Adobe ≫ Coldfusion Version2016 Updateupdate3

24.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe ColdFusion Deserialization Vulnerability

Schwachstelle

Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.36%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H