Adobe ColdFusion 2021 Update 14

CPE Details

Adobe ColdFusion 2021 Update 14
adobe
coldfusion
2021
2024-09-17
10h22 +00:00
2024-09-17
10h22 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*

Informations

Vendor

adobe

Product

coldfusion

Version

2021

Update

update14

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-53961 2024-12-23 20h11 +00:00 ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. Exploitation of this issue requires the admin panel be exposed to the internet.
9.8
Critical
CVE-2024-41874 2024-09-13 09h18 +00:00 ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction.
9.8
Critical
CVE-2011-0733 2011-02-01 16h00 +00:00 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file.
4.3