CVE-2017-11286

Summary

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

Affected Software

VendorProductVersion RangeStatus
n/aAdobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.affected

Weaknesses

  • XML External Entity (XXE) Injection

ADP Enrichment

CVE Program Container

Additional References

References