CVE-2022-42340
published 2022-10-14
CVE-2022-42340: Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in…
Priority P358 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 33.84% (98.2th percentile)
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | unspecified – CF2021U4 | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_oracle · 7.5 HIGH
GHSA
GHSA-m274-mr5x-8jxg: Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could res
ghsa_unreviewed·2022-10-15
CVE-2022-42340 [HIGH] CWE-20 GHSA-m274-mr5x-8jxg: Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could res
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
Oracle
Oracle Oracle Big Data Graph Risk Matrix: Big Data Graph (Apache Tomcat) — CVE-2021-42340
vendor_oracle·2022-07-15·CVSS 7.5
CVE-2021-42340 [HIGH] Oracle Oracle Big Data Graph Risk Matrix: Big Data Graph (Apache Tomcat) — CVE-2021-42340
Oracle Oracle Big Data Graph Risk Matrix: Big Data Graph (Apache Tomcat) vulnerability
CVE: CVE-2021-42340
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2022 (JUL 2022)
Oracle
Oracle Oracle Commerce Risk Matrix: Content Acquisition System (Apache Tomcat) — CVE-2021-42340
vendor_oracle·2022-04-15·CVSS 7.5
CVE-2021-42340 [HIGH] Oracle Oracle Commerce Risk Matrix: Content Acquisition System (Apache Tomcat) — CVE-2021-42340
Oracle Oracle Commerce Risk Matrix: Content Acquisition System (Apache Tomcat) vulnerability
CVE: CVE-2021-42340
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2022 (APR 2022)
Oracle
Oracle Oracle Communications Risk Matrix: Platform (Apache Tomcat) — CVE-2021-42340
vendor_oracle·2022-01-15·CVSS 7.5
CVE-2021-42340 [HIGH] Oracle Oracle Communications Risk Matrix: Platform (Apache Tomcat) — CVE-2021-42340
Oracle Oracle Communications Risk Matrix: Platform (Apache Tomcat) vulnerability
CVE: CVE-2021-42340
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2022 (JAN 2022)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-10-14