Описание
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or transmitted credentials. Exploitation of this issue does not require user interaction.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
4.3 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or transmitted credentials. Exploitation of this issue does not require user interaction.
Уязвимость программной платформы ColdFusion, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю повысить свои привилегии
EPSS
4.3 Medium
CVSS3
5.3 Medium
CVSS3