CVE-2004-2331

CWE-4703 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 98.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Macromedia Coldfusion
Timeline
PublishedDec 31
Latest updateApr 29

Description

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

Patches

Patch: www.macromedia.comPatch: www.securityfocus.comPatch: www.macromedia.com

🔴Vulnerability Details

2
GHSA
GHSA-3f48-pqw5-hg2j: ColdFusion MX 62022-04-29
CVEList
CVE-2004-2331: ColdFusion MX 62005-08-16
CVE-2004-2331 (MEDIUM CVSS 5.5) | ColdFusion MX 6.1 and 6.1 J2EE allo | cvebase.io