CVE-2022-42340 — Improper Input Validation in Adobe Coldfusion

CWE-20 — Improper Input Validation6 documents4 sources

Severity

7.5HIGHNVD

EPSS

3.0%

top 13.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Coldfusion

Timeline

PublishedOct 14

Latest updateOct 15

Description

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5adobe/coldfusionunspecified — CF2021U4+2

▶NVDadobe/coldfusion2018, 2021+1

🔴Vulnerability Details

GHSA

GHSA-m274-mr5x-8jxg: Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could res↗2022-10-15

▶

CVEList

Adobe ColdFusion Improper Input Validation Arbitrary file system read↗2022-10-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle Big Data Graph Risk Matrix: Big Data Graph (Apache Tomcat) — CVE-2021-42340↗2022-07-15

▶

Oracle

Oracle Oracle Commerce Risk Matrix: Content Acquisition System (Apache Tomcat) — CVE-2021-42340↗2022-04-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Platform (Apache Tomcat) — CVE-2021-42340↗2022-01-15

▶