CVE-2008-1203Improper Control of Interaction Frequency in Adobe Coldfusion

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
7.4%
top 8.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedMar 12
Latest updateMay 1

Description

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDadobe/coldfusion7.0, 8.0+1

Patches

Patch: www.adobe.comPatch: www.securityfocus.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-29pv-6m7w-rq5f: The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote at2022-05-01
CVEList
CVE-2008-1203: The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote at2008-03-12
CVE-2008-1203 — Adobe Coldfusion vulnerability | cvebase