Vulnerabilities > Adobe > Coldfusion

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-41874 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2021/2023
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-502
critical
9.8
2024-09-13 CVE-2024-45113 Improper Authentication vulnerability in Adobe Coldfusion 2021/2023
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation.
network
low complexity
adobe CWE-287
7.5
2024-03-18 CVE-2024-20767 Unspecified vulnerability in Adobe Coldfusion 2021/2023
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read.
network
high complexity
adobe
7.4
2023-11-17 CVE-2023-44352 Unspecified vulnerability in Adobe Coldfusion
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
adobe
6.1
2023-09-07 CVE-2021-40698 Unspecified vulnerability in Adobe Coldfusion
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??.
network
low complexity
adobe
7.4
2023-09-07 CVE-2021-40699 Unspecified vulnerability in Adobe Coldfusion
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path.
network
low complexity
adobe
7.4
2023-07-12 CVE-2023-29298 Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
adobe
7.5
2022-10-14 CVE-2022-35690 Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-787
critical
9.8
2022-05-12 CVE-2022-28818 Unspecified vulnerability in Adobe Coldfusion
ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
adobe
6.1
2021-05-27 CVE-2020-10145 Incorrect Default Permissions vulnerability in Adobe Coldfusion 2016/2018/2021
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\.
local
low complexity
adobe CWE-276
7.8