7.02

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

macromedia

NVD

Published: 2006-08-09

Updated: 2017-07-20

Summary

The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Coldfusion 7.0 Macromedia Coldfusion 7.02	2

References

http://secunia.com/advisories/21421
http://securitytracker.com/id?1016660
http://www.adobe.com/support/security/bulletins/apsb06-10.html
http://www.securityfocus.com/bid/19426
http://www.vupen.com/english/advisories/2006/3224
https://exchange.xforce.ibmcloud.com/vulnerabilities/28294