PT-2021-2957 · Adobe · ColdFusion
Published: 2021-03-22 · Updated: 2022-06-03 · CVE-2021-21087
CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Adobe ColdFusion 2016 (update 16 and earlier)
Adobe ColdFusion 2018 (update 10 and earlier)
Adobe ColdFusion 2021.0.0.323925
Description
The issue is improper neutralization of input during web page generation (XSS). A remote attacker can exploit it to execute arbitrary JavaScript code in the context of the current user. Exploitation of this issue requires user interaction.
Recommendations
For Adobe ColdFusion 2016 (update 16 and earlier), update to a version later than update 16.
For Adobe ColdFusion 2018 (update 10 and earlier), update to a version later than update 10.
For Adobe ColdFusion 2021.0.0.323925, update to a version later than 2021.0.0.323925.
As a temporary workaround, consider restricting user interaction with the affected system until a patch is available.
Fix
XSS
Affected Products
ColdFusion