CVE-2019-8072

CWE-200 — Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

4.5%

top 10.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Cold Fusion Adobe Coldfusion

Timeline

PublishedSep 27

Latest updateMay 24

Description

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDadobe/coldfusion2016, 2018+1

▶CVEListV5adobe/cold_fusionColdFusion 2016- update 11 and earlier, ColdFusion 2018- update 4 and earlier+1

🔴Vulnerability Details

GHSA

GHSA-r6jc-g98j-3phm: ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability↗2022-05-24

▶

CVEList

CVE-2019-8072: ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability↗2019-09-27

▶