CVE-2019-8256 — Incorrect Permission Assignment in Adobe Coldfusion

CWE-732 — Incorrect Permission Assignment CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 29.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Coldfusion

Timeline

PublishedDec 19

Latest updateMay 24

Description

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5adobe/coldfusionUpdate 6 and earlier versions

▶NVDadobe/coldfusion2018

🔴Vulnerability Details

GHSA

GHSA-fvwf-7864-8876: ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability↗2022-05-24

▶

CVEList

CVE-2019-8256: ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability↗2019-12-19

▶