Adobe

Coldfusion

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2017-11283

  • EPSS 23.86%
  • Veröffentlicht 01.12.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

9.8

CVE-2017-11284

  • EPSS 23.86%
  • Veröffentlicht 01.12.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

6.1

CVE-2017-11285

  • EPSS 1.03%
  • Veröffentlicht 01.12.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

7.5

CVE-2017-11286

  • EPSS 1.29%
  • Veröffentlicht 01.12.2017 08:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

6.1

CVE-2017-3008

  • EPSS 0.48%
  • Veröffentlicht 27.04.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.

10

CVE-2017-3066

Warnung Exploit
  • EPSS 93.36%
  • Veröffentlicht 27.04.2017 14:59:00
  • Zuletzt bearbeitet 22.10.2025 00:16:05

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code executi...

8.6

CVE-2016-4264

Exploit
  • EPSS 55.38%
  • Veröffentlicht 01.09.2016 23:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity...

6.1

CVE-2016-4159

  • EPSS 0.7%
  • Veröffentlicht 16.06.2016 14:59:41
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.9

CVE-2016-1115

  • EPSS 2.49%
  • Veröffentlicht 11.05.2016 01:59:44
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

9.8

CVE-2016-1114

  • EPSS 2.34%
  • Veröffentlicht 11.05.2016 01:59:43
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.