Published: 12/06/2019 Updated: 26/06/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

ColdFusion versions Update 3 and previous versions, Update 10 and previous versions, and Update 18 and previous versions have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Vulnerability Trend

Affected Products

Vendor Product Versions
AdobeColdfusion11.0, 2016, 2018

Mailing Lists

Advisory ID: SYSS-2019-006 Product: Coldfusion/JNBridge Manufacturer: Adobe/JNBridge LLC Affected Version(s): Coldfusion 2016,2018, JNBridge all versions Tested Version(s): 2018 Vulnerability Type: Remote Code Execution Risk Level: High Solution Status: Fixed Manufacturer Notification: 2019-03-27 Solution Date: 2019-06-11 Public Disclosure: 2019-06 ...

Recent Articles

It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes
The Register • Shaun Nichols in San Francisco • 11 Jun 2019

And Google drops a zero-day on Windows after deadline miss

Patch Tuesday Microsoft, Adobe, Intel, and SAP have all emitted their latest Patch Tuesday batch of security fixes. Users and admins are encouraged to test and install the updates as soon as humanly possible.
For those running Windows and Windows Server, you'll be interested in as many as 88 CVE-listed flaws that need addressing in Microsoft's products.
According to analysts at the Zero Day Initiative, a priority for admins should be a collection of four elevation-of-privilege vulner...

Critical Adobe Flash, ColdFusion Vulnerabilities Patched
Threatpost • Lindsey O'Donnell • 11 Jun 2019

Adobe has issued fixes for critical flaws in Adobe Flash and ColdFusion that could lead to arbitrary code execution if exploited.
Overall, Adobe patched 11 vulnerabilities across Adobe Flash, Adobe ColdFusion and Adobe Campaign – including five critical flaws – during its regularly-scheduled Tuesday update. This month’s update addresses far fewer vulnerabilities than May’s regularly-scheduled updates, which  fixed 87 vulnerabilities across Acrobat and Reader, Flash Player and Adob...