CVE-2022-35711

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*

History

21 Nov 2024, 07:11

Type Values Removed Values Added
References () https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html - Patch, Vendor Advisory () https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html - Patch, Vendor Advisory

Information

Published : 2022-10-14 20:15

Updated : 2024-11-21 07:11


NVD link : CVE-2022-35711

Mitre link : CVE-2022-35711

CVE.ORG link : CVE-2022-35711


JSON object : View

Products Affected

adobe

  • coldfusion
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write