Adobe ColdFusion Vulnerability: Deserialization of Untrusted Data Could Lead to Arbitrary Code Execution
CVE-2024-41874
9.8CRITICAL
Summary
ColdFusion is susceptible to a deserialization of untrusted data issue that allows for arbitrary code execution in the context of the current user. Attackers can exploit this flaw by submitting specially crafted inputs to applications, which, upon deserialization, execute the malicious code without requiring any user interaction. This vulnerability poses significant risks as it can compromise the integrity of applications running on affected ColdFusion versions.
Affected Version(s)
ColdFusion 0 <= 2021.15
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database