CVE-2019-8073

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

12.8%

top 5.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Cold Fusion Adobe Coldfusion

Timeline

PublishedSep 27

Latest updateMay 24

Description

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDadobe/coldfusion2016, 2018+1

▶CVEListV5adobe/cold_fusionColdFusion 2016- update 11 and earlier, ColdFusion 2018- update 4 and earlier+1

🔴Vulnerability Details

GHSA

GHSA-7p89-v79m-mv83: ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability↗2022-05-24

▶

CVEList

CVE-2019-8073: ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability↗2019-09-27

▶