Vulnerability in Adobe Coldfusion
CVE-2018-15957
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
EPSS: 0.515 (97.9th percentile) — read the EPSS interpretation.
Affected products
- Adobe Coldfusion — versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions
References
- helpx.adobe.com/security/products/coldfusion/apsb18-33.html (x_refsource_CONFIRM)
- 1041621 (vdb-entry, x_refsource_SECTRACK)
- 105313 (vdb-entry, x_refsource_BID)