- EPSS 6.97%
- Veröffentlicht 25.03.2020 20:15:14
- Zuletzt bearbeitet 21.11.2024 05:31:45
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.
CVE-2019-8256
- EPSS 4.01%
- Veröffentlicht 19.12.2019 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:49:35
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-8072
- EPSS 7.35%
- Veröffentlicht 27.09.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:49:13
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
- EPSS 8.25%
- Veröffentlicht 27.09.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:49:14
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
- EPSS 18.86%
- Veröffentlicht 27.09.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:49:14
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.
- EPSS 17.45%
- Veröffentlicht 12.06.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:50
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
- EPSS 44.1%
- Veröffentlicht 12.06.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:50
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
- EPSS 17.22%
- Veröffentlicht 12.06.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:50
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
- EPSS 25.7%
- Veröffentlicht 24.05.2019 19:29:02
- Zuletzt bearbeitet 21.11.2024 04:47:32
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7092
- EPSS 2.39%
- Veröffentlicht 24.05.2019 19:29:02
- Zuletzt bearbeitet 21.11.2024 04:47:32
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .