CVE-2013-3350 — Adobe Coldfusion vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.7%

top 17.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Coldfusion

Timeline

PublishedJul 10

Latest updateMay 13

Description

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/coldfusion10.0

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-5p42-mqfc-rv93: Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets↗2022-05-13

▶

CVEList

CVE-2013-3350: Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets↗2013-07-10

▶