CVE-2018-4939

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
adobeCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
adobecoldfusion
11.0
adobecoldfusion
11.0:update1
adobecoldfusion
11.0:update10
adobecoldfusion
11.0:update11
adobecoldfusion
11.0:update12
adobecoldfusion
11.0:update13
adobecoldfusion
11.0:update2
adobecoldfusion
11.0:update3
adobecoldfusion
11.0:update4
adobecoldfusion
11.0:update5
adobecoldfusion
11.0:update6
adobecoldfusion
11.0:update7
adobecoldfusion
11.0:update8
adobecoldfusion
11.0:update9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103718
https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html
http://www.securityfocus.com/bid/103718
https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html