cvelistv5 - cve-2018-4940

CVE-2018-4940 (GCVE-0-2018-4940)

Vulnerability from cvelistv5 – Published: 2018-05-19 17:00 – Updated: 2024-08-05 05:18

Summary

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

Severity ?

No CVSS data available.

CWE

Cross-Site Scripting

Assigner

adobe

References

URL

Tags

	https://helpx.adobe.com/security/products/coldfus…	x_refsource_MISC
	http://www.securityfocus.com/bid/103718	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions	Affected: Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:27.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
          },
          {
            "name": "103718",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103718"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions"
            }
          ]
        }
      ],
      "datePublic": "2018-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-20T09:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
        },
        {
          "name": "103718",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103718"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2018-4940",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
            },
            {
              "name": "103718",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103718"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2018-4940",
    "datePublished": "2018-05-19T17:00:00",
    "dateReserved": "2018-01-03T00:00:00",
    "dateUpdated": "2024-08-05T05:18:27.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E217CE63-07DC-4A88-8877-181F33A21C20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D4BD25E-6856-40EC-98A8-ACB540992487\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F0907E8-7BC4-4F5A-894C-B7C5F6BAAEAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFE18FEA-271A-42FE-8C24-19731DEB5444\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:*\", \"matchCriteriaId\": \"15F7DCF1-D9F2-45C0-B089-E37C91579729\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB398297-DA76-4A56-858B-FC69FF220DAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"82F81CF8-1482-4731-AD34-677B8D6B930B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"57BBBE71-BBE0-4129-B997-3F9AF54BFBD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E514D95-9287-4A43-9A44-BD6F8EDC5DA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"96C50CD1-CE75-4D70-AD65-2DB6027D806A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE1B1190-4699-4FB0-AD46-DF0233B5BA90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*\", \"matchCriteriaId\": \"827CB550-5078-4FD5-8B1F-616C06912AD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:*\", \"matchCriteriaId\": \"31F22450-F26C-4797-9292-66CA444C0D2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:*\", \"matchCriteriaId\": \"72450205-B4F4-4B44-9991-F4876D829BBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"B262F442-FF7F-4CC0-A9C5-FFD0EDB08E38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F3D7C8E-6695-44DF-AC9A-1AE09C46C529\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"12BAE66C-A745-4661-B5BB-7FC2C169CC82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6EC92F3-1EF8-4820-9CD8-ECEA03D27A7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7446D70-D616-4EC1-BC64-41CDE56EFEAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:2016:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"59453B01-EAAF-4291-B2C2-98835F5AFE80\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.\"}, {\"lang\": \"es\", \"value\": \"Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotaci\\u00f3n con \\u00e9xito podr\\u00eda resultar en una divulgaci\\u00f3n de informaci\\u00f3n.\"}]",
      "id": "CVE-2018-4940",
      "lastModified": "2024-11-21T04:07:45.277",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-05-19T17:29:01.510",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/103718\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103718\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4940\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2018-05-19T17:29:01.510\",\"lastModified\":\"2024-11-21T04:07:45.277\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.\"},{\"lang\":\"es\",\"value\":\"Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotaci\u00f3n con \u00e9xito podr\u00eda resultar en una divulgaci\u00f3n de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E217CE63-07DC-4A88-8877-181F33A21C20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D4BD25E-6856-40EC-98A8-ACB540992487\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F0907E8-7BC4-4F5A-894C-B7C5F6BAAEAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE18FEA-271A-42FE-8C24-19731DEB5444\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F7DCF1-D9F2-45C0-B089-E37C91579729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB398297-DA76-4A56-858B-FC69FF220DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"82F81CF8-1482-4731-AD34-677B8D6B930B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"57BBBE71-BBE0-4129-B997-3F9AF54BFBD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E514D95-9287-4A43-9A44-BD6F8EDC5DA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"96C50CD1-CE75-4D70-AD65-2DB6027D806A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1B1190-4699-4FB0-AD46-DF0233B5BA90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"827CB550-5078-4FD5-8B1F-616C06912AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"31F22450-F26C-4797-9292-66CA444C0D2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"72450205-B4F4-4B44-9991-F4876D829BBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B262F442-FF7F-4CC0-A9C5-FFD0EDB08E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F3D7C8E-6695-44DF-AC9A-1AE09C46C529\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BAE66C-A745-4661-B5BB-7FC2C169CC82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6EC92F3-1EF8-4820-9CD8-ECEA03D27A7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7446D70-D616-4EC1-BC64-41CDE56EFEAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2016:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"59453B01-EAAF-4291-B2C2-98835F5AFE80\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103718\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2018-10342

Vulnerability from cnvd - Published: 2018-05-28

Title

Adobe ColdFusion跨站脚本漏洞（CNVD-2018-10342）

Description

Adobe ColdFusion是美国奥多比（Adobe）公司的一款动态Web服务器产品，其运行的CFML（ColdFusion Markup Language）是针对Web应用的一种程序设计语言。 Adobe ColdFusion（2016年发布）Update 5及之前版本和ColdFusion 11 Update 13及之前版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞获取敏感信息。

Severity

低

Patch Name

Adobe ColdFusion跨站脚本漏洞（CNVD-2018-10342）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-4940

Impacted products

Name
['Adobe ColdFusion <=Update 5', 'Adobe ColdFusion <=11 Update 13']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103718"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4940"
    }
  },
  "description": "Adobe ColdFusion\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u52a8\u6001Web\u670d\u52a1\u5668\u4ea7\u54c1\uff0c\u5176\u8fd0\u884c\u7684CFML\uff08ColdFusion Markup Language\uff09\u662f\u9488\u5bf9Web\u5e94\u7528\u7684\u4e00\u79cd\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00\u3002\r\n\r\nAdobe ColdFusion\uff082016\u5e74\u53d1\u5e03\uff09Update 5\u53ca\u4e4b\u524d\u7248\u672c\u548cColdFusion 11 Update 13\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Nitesh Shilpkar, Nick Bloor of NCC Group, Jaaziel Sam Carlos, William Eatman and Michael S. O\u0027Dell from USRA, Matthias Kaiser of Code White GmbH.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/coldfusion/apsb18-14.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10342",
  "openTime": "2018-05-28",
  "patchDescription": "Adobe ColdFusion\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u52a8\u6001Web\u670d\u52a1\u5668\u4ea7\u54c1\uff0c\u5176\u8fd0\u884c\u7684CFML\uff08ColdFusion Markup Language\uff09\u662f\u9488\u5bf9Web\u5e94\u7528\u7684\u4e00\u79cd\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00\u3002\r\n\r\nAdobe ColdFusion\uff082016\u5e74\u53d1\u5e03\uff09Update 5\u53ca\u4e4b\u524d\u7248\u672c\u548cColdFusion 11 Update 13\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe ColdFusion\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2018-10342\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe ColdFusion \u003c=Update 5",
      "Adobe ColdFusion \u003c=11 Update 13"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-4940",
  "serverity": "\u4f4e",
  "submitTime": "2018-05-21",
  "title": "Adobe ColdFusion\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2018-10342\uff09"
}

CERTFR-2018-AVI-176

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Adobe. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions 29.0.0.113 et antérieures sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 29.0.0.113 et antérieures sur Windows, Macintosh et Linux
Adobe	ColdFusion	ColdFusion versions 11 Update 13 et antérieures
Adobe	ColdFusion	ColdFusion versions (2016 release) Update 5 et antérieures
Adobe	N/A	Adobe Flash Player pour Google Chrome versions 29.0.0.113 et antérieures sur Windows, Macintosh, Linux et Chrome OS

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB18-08 du 10 avril 2018	None	vendor-advisory
Bulletin de sécurité Adobe APSB18-14 du 10 avril 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions 29.0.0.113 et ant\u00e9rieures sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions 29.0.0.113 et ant\u00e9rieures sur Windows, Macintosh et Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion versions 11 Update 13 et ant\u00e9rieures",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion versions (2016 release) Update 5 et ant\u00e9rieures",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions 29.0.0.113 et ant\u00e9rieures sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4942"
    },
    {
      "name": "CVE-2018-4938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4938"
    },
    {
      "name": "CVE-2018-4932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4932"
    },
    {
      "name": "CVE-2018-4939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4939"
    },
    {
      "name": "CVE-2018-4941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4941"
    },
    {
      "name": "CVE-2018-4935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4935"
    },
    {
      "name": "CVE-2018-4940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4940"
    },
    {
      "name": "CVE-2018-4934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4934"
    },
    {
      "name": "CVE-2018-4933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4933"
    },
    {
      "name": "CVE-2018-4936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4936"
    },
    {
      "name": "CVE-2018-4937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4937"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-176",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-08 du 10 avril 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-14 du 10 avril 2018",
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
    }
  ]
}

CERTFR-2018-AVI-176

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions 29.0.0.113 et antérieures sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 29.0.0.113 et antérieures sur Windows, Macintosh et Linux
Adobe	ColdFusion	ColdFusion versions 11 Update 13 et antérieures
Adobe	ColdFusion	ColdFusion versions (2016 release) Update 5 et antérieures
Adobe	N/A	Adobe Flash Player pour Google Chrome versions 29.0.0.113 et antérieures sur Windows, Macintosh, Linux et Chrome OS

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB18-08 du 10 avril 2018	None	vendor-advisory
Bulletin de sécurité Adobe APSB18-14 du 10 avril 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions 29.0.0.113 et ant\u00e9rieures sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions 29.0.0.113 et ant\u00e9rieures sur Windows, Macintosh et Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion versions 11 Update 13 et ant\u00e9rieures",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion versions (2016 release) Update 5 et ant\u00e9rieures",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions 29.0.0.113 et ant\u00e9rieures sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4942"
    },
    {
      "name": "CVE-2018-4938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4938"
    },
    {
      "name": "CVE-2018-4932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4932"
    },
    {
      "name": "CVE-2018-4939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4939"
    },
    {
      "name": "CVE-2018-4941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4941"
    },
    {
      "name": "CVE-2018-4935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4935"
    },
    {
      "name": "CVE-2018-4940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4940"
    },
    {
      "name": "CVE-2018-4934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4934"
    },
    {
      "name": "CVE-2018-4933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4933"
    },
    {
      "name": "CVE-2018-4936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4936"
    },
    {
      "name": "CVE-2018-4937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4937"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-176",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-08 du 10 avril 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-14 du 10 avril 2018",
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
    }
  ]
}

GSD-2018-4940

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4940

Aliases

CVE-2018-4940

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4940",
    "description": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.",
    "id": "GSD-2018-4940"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4940"
      ],
      "details": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.",
      "id": "GSD-2018-4940",
      "modified": "2023-12-13T01:22:28.386655Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2018-4940",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-Site Scripting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html",
            "refsource": "MISC",
            "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
          },
          {
            "name": "103718",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103718"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:2016:update5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2018-4940"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
            },
            {
              "name": "103718",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103718"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2020-09-04T14:09Z",
      "publishedDate": "2018-05-19T17:29Z"
    }
  }
}

GHSA-3WJ7-HV5W-6F2M

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-19T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.",
  "id": "GHSA-3wj7-hv5w-6f2m",
  "modified": "2022-05-13T01:17:38Z",
  "published": "2022-05-13T01:17:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4940"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103718"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-4940

Vulnerability from fkie_nvd - Published: 2018-05-19 17:29 - Updated: 2024-11-21 04:07

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
psirt@adobe.com	http://www.securityfocus.com/bid/103718	Third Party Advisory, VDB Entry
psirt@adobe.com	https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103718	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	11.0
adobe	coldfusion	2016
adobe	coldfusion	2016
adobe	coldfusion	2016
adobe	coldfusion	2016
adobe	coldfusion	2016
adobe	coldfusion	2016

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E217CE63-07DC-4A88-8877-181F33A21C20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "7D4BD25E-6856-40EC-98A8-ACB540992487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "2F0907E8-7BC4-4F5A-894C-B7C5F6BAAEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "AFE18FEA-271A-42FE-8C24-19731DEB5444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "15F7DCF1-D9F2-45C0-B089-E37C91579729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "CB398297-DA76-4A56-858B-FC69FF220DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "82F81CF8-1482-4731-AD34-677B8D6B930B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "57BBBE71-BBE0-4129-B997-3F9AF54BFBD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "8E514D95-9287-4A43-9A44-BD6F8EDC5DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "96C50CD1-CE75-4D70-AD65-2DB6027D806A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "AE1B1190-4699-4FB0-AD46-DF0233B5BA90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "827CB550-5078-4FD5-8B1F-616C06912AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "31F22450-F26C-4797-9292-66CA444C0D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "72450205-B4F4-4B44-9991-F4876D829BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*",
              "matchCriteriaId": "B262F442-FF7F-4CC0-A9C5-FFD0EDB08E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:*",
              "matchCriteriaId": "9F3D7C8E-6695-44DF-AC9A-1AE09C46C529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:*",
              "matchCriteriaId": "12BAE66C-A745-4661-B5BB-7FC2C169CC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:*",
              "matchCriteriaId": "E6EC92F3-1EF8-4820-9CD8-ECEA03D27A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D7446D70-D616-4EC1-BC64-41CDE56EFEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:2016:update5:*:*:*:*:*:*",
              "matchCriteriaId": "59453B01-EAAF-4291-B2C2-98835F5AFE80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure."
    },
    {
      "lang": "es",
      "value": "Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotaci\u00f3n con \u00e9xito podr\u00eda resultar en una divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2018-4940",
  "lastModified": "2024-11-21T04:07:45.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-19T17:29:01.510",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103718"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4940 (GCVE-0-2018-4940)

CNVD-2018-10342

CERTFR-2018-AVI-176

Solution

CERTFR-2018-AVI-176

Solution

GSD-2018-4940

GHSA-3WJ7-HV5W-6F2M

FKIE_CVE-2018-4940

Tags

Sightings

Nomenclature