CVE-2022-38420

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html	Patch Vendor Advisory
https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:coldfusion:2018:-::::::
	cpe:2.3:a:adobe:coldfusion:2018:update1::::::
	cpe:2.3:a:adobe:coldfusion:2018:update10::::::
	cpe:2.3:a:adobe:coldfusion:2018:update11::::::
	cpe:2.3:a:adobe:coldfusion:2018:update12::::::
	cpe:2.3:a:adobe:coldfusion:2018:update13::::::
	cpe:2.3:a:adobe:coldfusion:2018:update14::::::
	cpe:2.3:a:adobe:coldfusion:2018:update2::::::
	cpe:2.3:a:adobe:coldfusion:2018:update3::::::
	cpe:2.3:a:adobe:coldfusion:2018:update4::::::
	cpe:2.3:a:adobe:coldfusion:2018:update5::::::
	cpe:2.3:a:adobe:coldfusion:2018:update6::::::
	cpe:2.3:a:adobe:coldfusion:2018:update7::::::
	cpe:2.3:a:adobe:coldfusion:2018:update8::::::
	cpe:2.3:a:adobe:coldfusion:2018:update9::::::
	cpe:2.3:a:adobe:coldfusion:2021:-::::::
	cpe:2.3:a:adobe:coldfusion:2021:update1::::::
	cpe:2.3:a:adobe:coldfusion:2021:update2::::::
	cpe:2.3:a:adobe:coldfusion:2021:update3::::::
	cpe:2.3:a:adobe:coldfusion:2021:update4::::::

History

21 Nov 2024, 07:16

Type	Values Removed	Values Added
References	~~() https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html - Patch, Vendor Advisory~~	() https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html - Patch, Vendor Advisory

Information

Published : 2022-10-14 20:15

Updated : 2024-11-21 07:16

NVD link : CVE-2022-38420

Mitre link : CVE-2022-38420

CVE.ORG link : CVE-2022-38420

JSON object : View

Products Affected

adobe

coldfusion

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2022-38420", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-10-14T20:15:12.893", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction."}, {"lang": "es", "value": "Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) est\u00e1n afectadas por una vulnerabilidad de Uso de Credenciales Embebidas que podr\u00eda resultar en una denegaci\u00f3n de servicio de la aplicaci\u00f3n al conseguir acceso para iniciar/detener servicios arbitrarios. No es requerida una interacci\u00f3n del usuario para la explotaci\u00f3n de este problema"}], "lastModified": "2024-11-21T07:16:26.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B54B2B0-B1E1-4B4E-A529-D0BD3B5DEEF3"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDB126BF-E09D-4E58-A39F-1190407D1CAB"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DDD85DF-69A0-476F-8365-CD67C75CF0CE"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23F63675-7817-4AF0-A7DB-5E35EDABF04E"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E3BF53E-2C0D-4F79-8B62-4C2A50CB5F52"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C26BF72C-E991-4170-B68B-09B20B6C0679"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25B4B4F2-318F-4046-ADE5-E9DD64F83FD9"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59649177-81EE-43C3-BFA5-E56E65B486DF"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "453B96ED-738A-4642-B461-C5216CF45CA3"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58D32489-627B-4E49-9329-8A3B8F8E4903"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5860E1-D293-48FE-9796-058B78B2D571"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F9336CC-E38F-4BCB-83CD-805EC7FEF806"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97964507-047A-4CC8-8D2B-0EA0C7F9BD50"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82208628-F32A-4380-9B0F-DC8507E7701D"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2018:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1563CE5E-A4F7-40A4-A050-BB96E332D8DD"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}