Vulnerability Details CVE-2013-0632
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.925
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
Ransomware Campaign
Unknown
References
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.exploit-db.com/exploits/30210
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.exploit-db.com/exploits/30210
Products affected by CVE-2013-0632
-
cpe:2.3:a:adobe:coldfusion:10.0
-
cpe:2.3:a:adobe:coldfusion:9.0
-
cpe:2.3:a:adobe:coldfusion:9.0.1
-
cpe:2.3:a:adobe:coldfusion:9.0.2