PT-2014-3677 · Adobe+1 · Coldfusion+1
Published
2014-10-15
·
Updated
2020-09-04
·
CVE-2014-0570
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Adobe ColdFusion version 9.0 before Update 13
Adobe ColdFusion version 9.0.1 before Update 12
Adobe ColdFusion version 9.0.2 before Update 7
Adobe ColdFusion version 10 before Update 14
Adobe ColdFusion version 11 before Update 2
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of victims via unknown vectors.
Recommendations
For Adobe ColdFusion version 9.0, apply Update 13 to resolve the issue.
For Adobe ColdFusion version 9.0.1, apply Update 12 to resolve the issue.
For Adobe ColdFusion version 9.0.2, apply Update 7 to resolve the issue.
For Adobe ColdFusion version 10, apply Update 14 to resolve the issue.
For Adobe ColdFusion version 11, apply Update 2 to resolve the issue.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Coldfusion