Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-41874

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction.

Published

2024-09-13T10:15:12.447

Last Modified

2024-09-13T16:57:52.437

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2023	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes
Application	adobe	coldfusion	2021	Yes

References

https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html Vendor Advisory ([email protected])