PT-2021-7670 · Adobe · ColdFusion

Published 2021-10-11 · Updated 2022-10-20 · CVE-2022-35711

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Adobe ColdFusion versions Update 14 and earlier
Adobe ColdFusion versions Update 4 and earlier

Description

The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, and it is triggered when a crafted network packet is sent to the server.

Recommendations

For Adobe ColdFusion versions Update 14 and earlier, update to a version later than Update 14 to resolve the issue.
For Adobe ColdFusion versions Update 4 and earlier, update to a version later than Update 4 to resolve the issue.
As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation.

Fix

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-01165
CVE-2022-35711
ZDI-22-1415

Affected Products

ColdFusion