CVE-2022-38420Hard-coded Credentials in Adobe Coldfusion

CWE-798Hard-coded Credentials3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.0%
top 23.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedOct 14
Latest updateOct 15

Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/coldfusionunspecifiedCF2021U4+2
NVDadobe/coldfusion2018, 2021+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-gmgx-cj5g-7v52: Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could2022-10-15
CVEList
Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service2022-10-14
CVE-2022-38420 — Hard-coded Credentials in Adobe | cvebase