⚠ Actively exploited
Added to CISA KEV on 2022-03-07. Federal agencies required to patch by 2022-09-07. Required action: Apply updates per vendor instructions..

CVE-2013-0631Sensitive Information Exposure in Adobe Coldfusion

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
7.5HIGHNVD
EPSS
83.3%
top 0.73%
CISA KEV
KEV
Added 2022-03-07
Due 2022-09-07
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Adobe Coldfusion
Timeline
PublishedJan 9
KEV addedMar 7
Latest updateMay 17
KEV dueSep 7
CISA Required Action: Apply updates per vendor instructions.

Description

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDadobe/coldfusion9.0, 9.0.1, 9.0.2+2

🔴Vulnerability Details

3
GHSA
GHSA-g47v-r4wh-wjrq: Adobe ColdFusion 92022-05-17
CVEList
CVE-2013-0631: Adobe ColdFusion 92013-01-09
VulnCheck
Adobe ColdFusion Information Disclosure Vulnerability2013

📋Vendor Advisories

1
CISA
Adobe ColdFusion Information Disclosure Vulnerability2022-03-07
CVE-2013-0631 — Sensitive Information Exposure in Adobe | cvebase