Vulnerabilities > Adobe > Coldfusion
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-13 | CVE-2024-41874 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
2024-09-13 | CVE-2024-45113 | Improper Authentication vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 7.5 |
2024-03-18 | CVE-2024-20767 | Unspecified vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. | 7.4 |
2023-11-17 | CVE-2023-44352 | Unspecified vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2023-09-07 | CVE-2021-40698 | Unspecified vulnerability in Adobe Coldfusion ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. | 7.4 |
2023-09-07 | CVE-2021-40699 | Unspecified vulnerability in Adobe Coldfusion ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. | 7.4 |
2023-07-12 | CVE-2023-29298 | Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 7.5 |
2022-10-14 | CVE-2022-35690 | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
2022-05-12 | CVE-2022-28818 | Unspecified vulnerability in Adobe Coldfusion ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2021-05-27 | CVE-2020-10145 | Incorrect Default Permissions vulnerability in Adobe Coldfusion 2016/2018/2021 The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. | 7.8 |