Vulnerability Details CVE-2013-0625
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.866
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
Proposed Action
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Ransomware Campaign
Unknown
References
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.securityfocus.com/bid/57164
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.securityfocus.com/bid/57164
Products affected by CVE-2013-0625
-
cpe:2.3:a:adobe:coldfusion:9.0
-
cpe:2.3:a:adobe:coldfusion:9.0.1
-
cpe:2.3:a:adobe:coldfusion:9.0.2
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:opengroup:unix:-