Lucene search

AdobeCVE-2018-4939

HistoryMay 19, 2018 - 5:29 p.m.

CVE-2018-4939

2018-05-1917:29:01

CWE-502

adobe

web.nvd.nist.gov

902

In Wild

cve-2018-4939

adobe coldfusion

deserialization vulnerability

arbitrary code execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.969

Percentile

99.7%

JSON

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected configurations

Nvd

Vulners

Node

adobecoldfusionMatch11.0-

adobecoldfusionMatch11.0update1

adobecoldfusionMatch11.0update10

adobecoldfusionMatch11.0update11

adobecoldfusionMatch11.0update12

adobecoldfusionMatch11.0update13

adobecoldfusionMatch11.0update2

adobecoldfusionMatch11.0update3

adobecoldfusionMatch11.0update4

adobecoldfusionMatch11.0update5

adobecoldfusionMatch11.0update6

adobecoldfusionMatch11.0update7

adobecoldfusionMatch11.0update8

adobecoldfusionMatch11.0update9

adobecoldfusionMatch2016-

adobecoldfusionMatch2016update1

adobecoldfusionMatch2016update2

adobecoldfusionMatch2016update3

adobecoldfusionMatch2016update4

adobecoldfusionMatch2016update5

VendorProductVersionCPE
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*
adobecoldfusion11.0cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:-::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update1::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update10::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update11::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update12::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update13::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update2::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update3::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update4::::::
adobe	coldfusion	11.0	cpe:2.3:a:adobe:coldfusion:11.0:update5::::::

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "product": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions"
      }
    ]
  }
]