CVE-2004-2331

Name of the Vulnerable Software and Affected Versions: ColdFusion MX versions 6.1 and 6.1 J2EE

Description: The issue allows local users to bypass sandbox security restrictions and obtain sensitive information. This is achieved by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

Recommendations: For ColdFusion MX version 6.1, consider restricting access to Java reflection methods to minimize the risk of exploitation. For ColdFusion MX version 6.1 J2EE, avoid using Java reflection methods to access trusted Java objects without proper validation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.