CVE-2018-15963 — Adobe Coldfusion vulnerability

3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

5.2%

top 10.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Coldfusion

Timeline

PublishedSep 25

Latest updateMay 13

Description

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5adobe/coldfusionJuly 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions

▶NVDadobe/coldfusion11.0, 2016, 2018+2

🔴Vulnerability Details

GHSA

GHSA-3mpv-g3cv-rx7h: Adobe ColdFusion versions July 12 release (2018↗2022-05-13

▶

CVEList

CVE-2018-15963: Adobe ColdFusion versions July 12 release (2018↗2018-09-25

▶