Описание
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:update5:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00856
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.
EPSS
Процентиль: 75%
0.00856
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-611
CWE-611