Lucene search

[email protected]NVD:CVE-2004-2204

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2204

2004-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

25.6%

JSON

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

Affected configurations

Nvd

Node

macromediacoldfusionMatch6.0

macromediacoldfusionMatch6.1

VendorProductVersionCPE
macromediacoldfusion6.0cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
macromediacoldfusion6.1cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
macromedia	coldfusion	6.0	cpe:2.3:a:macromedia:coldfusion:6.0:::::::*
macromedia	coldfusion	6.1	cpe:2.3:a:macromedia:coldfusion:6.1:::::::*

References

secunia.com/advisories/12693

www.macromedia.com/devnet/security/security_zone/mpsb04-10.html

www.osvdb.org/10718

www.securityfocus.com/archive/1/377213

www.securityfocus.com/bid/11364

exchange.xforce.ibmcloud.com/vulnerabilities/17567

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

25.6%

JSON

Related for NVD:CVE-2004-2204

cvelist1 cve1