PT-2019-6050 · Adobe · Coldfusion

Published: 2019-06-12 · Updated: 2020-09-04 · CVE-2019-7840

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ColdFusion versions Update 3 and earlier
ColdFusion versions Update 10 and earlier
ColdFusion versions Update 18 and earlier

Description

The issue is related to the deserialization mechanism of the ColdFusion platform, which has shortcomings. This can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For ColdFusion versions Update 3 and earlier, consider disabling the deserialization of untrusted data as a temporary workaround until a patch is available.
For ColdFusion versions Update 10 and earlier, restrict access to the deserialization mechanism to minimize the risk of exploitation.
For ColdFusion versions Update 18 and earlier, avoid using the deserialization of untrusted data in the affected API endpoints until the issue is resolved.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2021-04368
CVE-2019-7840

Affected Products

Coldfusion