CVE-2019-8073

Summary

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

Affected Software

VendorProductVersion RangeStatus
AdobeCold FusionColdFusion 2018- update 4 and earlieraffected
AdobeCold FusionColdFusion 2016- update 11 and earlieraffected

Weaknesses

  • Command Injection via Vulnerable component

ADP Enrichment

CVE Program Container

Additional References

References