CVE-2013-1389

HIGH

Description

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.

References

http://www.adobe.com/support/security/bulletins/apsb13-13.html

Details

Source: MITRE

Published: 2013-05-16

Updated: 2013-05-16

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 10

Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:9.0:update_10:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:9.0.1:update_9:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:9.0.2:update_4:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:10.0:update_1:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:10.0:update_3:*:*:*:*:*:*

cpe:2.3:a:adobe:coldfusion:10.0:update_4:*:*:*:*:*:*

Tenable Plugins

View all (2 total)

ID	Name	Product	Family	Severity
66408	Adobe ColdFusion Authentication Bypass (APSB13-13) (intrusive check)	Nessus	CGI abuses	critical
66407	Adobe ColdFusion Authentication Bypass (APSB13-13)	Nessus	CGI abuses	critical