PT-2022-6426 · Adobe · Coldfusion

Published: 2022-10-11 · Updated: 2022-10-28 · CVE-2022-38419

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier; Adobe ColdFusion versions Update 4 and earlier.
Description: The vulnerability is an improper restriction of XML external entity references (XXE). A remote attacker could exploit it to gain unauthorized access to protected information. Exploitation does not require user interaction and may result in arbitrary file system read.
Recommendations: For Adobe ColdFusion versions Update 14 and earlier, update to a version later than Update 14 to resolve the issue. For Adobe ColdFusion versions Update 4 and earlier, update to a version later than Update 4 to resolve the issue. As a temporary workaround, consider restricting access to XML external entities until a patch is available.
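The workaround above, restricting XML external entities, shown as an added Python example (not ColdFusion's own configuration and not code from this advisory): a hardened parser that aborts on any DOCTYPE declaration and on any attempt to resolve an external entity, checked against a constructed benign document and a constructed XXE-style document whose SYSTEM identifier is a placeholder.

```python
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Untrusted XML carried a DOCTYPE or tried to pull in an external entity."""


def parse_untrusted_xml(data: bytes) -> list[tuple[str, str]]:
    """Parse untrusted XML with XXE switched off; returns (element, text) pairs.

    A DOCTYPE (the only place entities can be declared) aborts the parse, and
    so does any attempt to resolve an external entity, so the document can
    never make the parser read a local file or a URL.
    """
    parser = expat.ParserCreate()
    result: list[tuple[str, str]] = []
    text_stack: list[list[str]] = []  # one text buffer per open element

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE declaration rejected (root {name!r})")

    def reject_external_entity(context, base, system_id, public_id):
        # Second line of defence: never resolve SYSTEM/PUBLIC entities.
        raise UnsafeXML(f"external entity reference rejected ({system_id!r})")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.ExternalEntityRefHandler = reject_external_entity
    parser.StartElementHandler = lambda name, attrs: text_stack.append([])
    parser.CharacterDataHandler = lambda text: text_stack[-1].append(text)
    parser.EndElementHandler = lambda n: result.append((n, "".join(text_stack.pop())))
    parser.Parse(data, True)  # an exception raised in a handler propagates out of Parse()
    return result


def is_rejected(data: bytes) -> bool:
    """True when the hardened parser refuses the document as unsafe."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return True
    return False


# Constructed samples: a harmless record, and the same record carrying a
# DOCTYPE that declares an external entity (the XXE pattern). The SYSTEM
# identifier is a placeholder, not a real path.
CLEAN_XML = b"<order><id>42</id><note>ok</note></order>"
XXE_XML = (b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]>'
           b"<order><id>42</id><note>&ext;</note></order>")
```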

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2023-01230
CVE-2022-38419
ZDI-22-1414

Affected Products

Coldfusion