CVE-2019-8256

Published: Dec 19, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

Affected (7)

Products: Adobe: Coldfusion

Adobe

1 product

Coldfusion

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Adobe Coldfusion	Version 2018
Adobe Coldfusion	Version 2018 update1
Adobe Coldfusion	Version 2018 update2
Adobe Coldfusion	Version 2018 update3
Adobe Coldfusion	Version 2018 update4
Adobe Coldfusion	Version 2018 update5
Adobe Coldfusion	Version 2018 update6

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://helpx.adobe.com/security/products/coldfusion/apsb19-58.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/coldfusion/apsb19-58.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.