CVE-2004-2204

3 documents3 sources
Severity
7.2HIGH
EPSS
0.0%
top 98.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Macromedia Coldfusion
Timeline
PublishedDec 31
Latest updateApr 29

Description

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDmacromedia/coldfusion6.0, 6.1+1

🔴Vulnerability Details

2
GHSA
GHSA-qrm6-mr4f-gv6x: Macromedia ColdFusion MX 62022-04-29
CVEList
CVE-2004-2204: Macromedia ColdFusion MX 62005-07-10
CVE-2004-2204 (HIGH CVSS 7.2) | Macromedia ColdFusion MX 6.0 and 6. | cvebase.io