Описание
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Ссылки
- URL Repurposed
- PatchVendor Advisory
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- URL Repurposed
- PatchVendor Advisory
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*
EPSS
Процентиль: 2%
0.00013
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-470
Связанные уязвимости
CVSS3: 5.5
github
почти 4 года назад
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
EPSS
Процентиль: 2%
0.00013
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-470