Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Adobe ColdFusion Multiple Vulnerabilities (APSB18-33)

Information

Severity

Severity

Critical

Family

Family

Web application abuses

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

5 years ago

Modified

Modified

4 years ago

Share

Summary

This host is running Adobe ColdFusion and is prone to multiple vulnerabilities.

Insight

Insight

Multiple flaws are due to, - An error while deserialization of untrusted data. - Use of a component with a known vulnerability. - A security bypass vulnerability. - Unauthorized access to directory listing. - Unrestricted file upload.

Affected Software

Affected Software

Adobe ColdFusion 2018 (July 12 release), ColdFusion 2016 update 6 and earlier, ColdFusion 11 Update 14 and earlier.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Upgrade Adobe ColdFusion to ColdFusion 2018 Update 1 or ColdFusion 2016 Update 7 or ColdFusion 11 Update 15 or later. Please see the references for more information.

Common Vulnerabilities and Exposures (CVE)

References