CVE-2010-5290: Adobe ColdFusion vulnerability

3 documents, 3 sources
Severity: 10.0 CRITICAL (NVD), 9.8 (CNA)
EPSS: 2.5% (top 14.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 20
Latest update: May 17

Description

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: adobe/coldfusion 9.0.2 +2

Vulnerability Details (2)

GHSA (2022-05-17)
GHSA-755h-qpqx-6774: The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which mak

CVEList (2013-09-20)
CVE-2010-5290: The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which mak