Vulnerability Details CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.2%
CVSS Severity
CVSS v2 Score 7.2
References
- http://secunia.com/advisories/12693
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html
- http://www.osvdb.org/10718
- http://www.securityfocus.com/archive/1/377213
- http://www.securityfocus.com/bid/11364
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17567
- http://secunia.com/advisories/12693
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html
- http://www.osvdb.org/10718
- http://www.securityfocus.com/archive/1/377213
- http://www.securityfocus.com/bid/11364
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17567
Products affected by CVE-2004-2204
-
cpe:2.3:a:macromedia:coldfusion:6.0
-
cpe:2.3:a:macromedia:coldfusion:6.1