CVE-2019-7091

Published: May 24, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected (26)

Products: Adobe: Coldfusion

Adobe

1 product

Coldfusion

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Adobe Coldfusion	Version 11.0
Adobe Coldfusion	Version 11.0 update10
Adobe Coldfusion	Version 11.0 update11
Adobe Coldfusion	Version 11.0 update12
Adobe Coldfusion	Version 11.0 update13
Adobe Coldfusion	Version 11.0 update14
Adobe Coldfusion	Version 11.0 update15
Adobe Coldfusion	Version 11.0 update1
Adobe Coldfusion	Version 11.0 update2
Adobe Coldfusion	Version 11.0 update3
Adobe Coldfusion	Version 11.0 update4
Adobe Coldfusion	Version 11.0 update5
Adobe Coldfusion	Version 11.0 update6
Adobe Coldfusion	Version 11.0 update7
Adobe Coldfusion	Version 11.0 update8
Adobe Coldfusion	Version 11.0 update9
Adobe Coldfusion	Version 2016
Adobe Coldfusion	Version 2016 update1
Adobe Coldfusion	Version 2016 update2
Adobe Coldfusion	Version 2016 update3
Adobe Coldfusion	Version 2016 update4
Adobe Coldfusion	Version 2016 update5
Adobe Coldfusion	Version 2016 update6
Adobe Coldfusion	Version 2016 update7
Adobe Coldfusion	Version 2018
Adobe Coldfusion	Version 2018 update1

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/coldfusion/apsb19-10.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.