CVE-2022-38419

Summary

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.

Affected Software

VendorProductVersion RangeStatus
AdobeColdFusionunspecified <= CF2021U4affected
AdobeColdFusionunspecified <= CF2018u14affected
AdobeColdFusionunspecified <= Noneaffected

Weaknesses

  • CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References