2019-06-12 18:29:00 2019-06-13 19:36:42

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE
Adobe Coldfusion 11.0 - (not an official CPE) Adobe Coldfusion 11.0 Update 1 (not an official CPE) Adobe Coldfusion 11.0 Update 10 (not an official CPE) Adobe Coldfusion 11.0 Update 11 (not an official CPE) Adobe Coldfusion 11.0 Update 12 (not an official CPE) Adobe Coldfusion 11.0 Update 13 (not an official CPE) Adobe Coldfusion 11.0 Update 14 (not an official CPE) Adobe Coldfusion 11.0 Update 15 (not an official CPE) Adobe Coldfusion 11.0 Update 16 (not an official CPE) Adobe Coldfusion 11.0 Update 17 (not an official CPE) Adobe Coldfusion 11.0 Update 18 (not an official CPE) Adobe ColdFusion 11.0 Update 2 Adobe Coldfusion 11.0 Update 3 (not an official CPE) Adobe ColdFusion 11.0 Update 4 Adobe Coldfusion 11.0 Update 5 (not an official CPE) Adobe Coldfusion 11.0 Update 6 (not an official CPE) Adobe Coldfusion 11.0 Update 7 (not an official CPE) Adobe Coldfusion 11.0 Update 8 (not an official CPE) Adobe Coldfusion 11.0 Update 9 (not an official CPE) Adobe Coldfusion 2016 - (not an official CPE) Adobe Coldfusion 2016 Update 1 (not an official CPE) Adobe Coldfusion 2016 Update 10 (not an official CPE) Adobe Coldfusion 2016 Update 2 (not an official CPE) Adobe Coldfusion 2016 Update 3 (not an official CPE) Adobe Coldfusion 2016 Update 4 (not an official CPE) Adobe Coldfusion 2016 Update 5 (not an official CPE) Adobe Coldfusion 2016 Update 6 (not an official CPE) Adobe Coldfusion 2016 Update 7 (not an official CPE) Adobe Coldfusion 2016 Update 8 (not an official CPE) Adobe Coldfusion 2016 Update 9 (not an official CPE) Adobe Coldfusion 2018 - (not an official CPE) Adobe Coldfusion 2018 Update 1 (not an official CPE) Adobe Coldfusion 2018 Update 2 (not an official CPE) Adobe Coldfusion 2018 Update 3 (not an official CPE)