CVE-2022-35690

Summary

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

Affected Software

VendorProductVersion RangeStatus
AdobeColdFusionunspecified <= CF2021U4affected
AdobeColdFusionunspecified <= CF2018u14affected
AdobeColdFusionunspecified <= Noneaffected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow (CWE-121)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References