CVE-2018-4939critical
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
References
http://www.securityfocus.com/bid/103718
https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html
Details
Source: MITRE
Published: 2018-05-19
Updated: 2020-05-15
Type: CWE-502
Risk Information
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
CVSS v3
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_10:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_11:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_12:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_13:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:11.0:update_9:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:update_1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:update_2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2016:update_3:*:*:*:*:*:*