Adobe: >> Coldfusion >> 2016 Security Vulnerabilities
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.613
Published
2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.
CVSS Score
7.5
EPSS Score
0.092
Published
2018-09-25
CVE-2018-15961
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
5.3
EPSS Score
0.031
Published
2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.
CVSS Score
5.3
EPSS Score
0.092
Published
2018-09-25
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
7.5
EPSS Score
0.154
Published
2018-09-25
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-05-19
CVE-2018-4939
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.855
Published
2018-05-19
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
6.1
EPSS Score
0.011
Published
2018-05-19
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
6.1
EPSS Score
0.011
Published
2018-05-19