Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html | Vendor Advisory |
https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html - Vendor Advisory |
Information
Published : 2022-10-14 20:15
Updated : 2024-11-21 07:24
NVD link : CVE-2022-42341
Mitre link : CVE-2022-42341
CVE.ORG link : CVE-2022-42341
JSON object : View
Products Affected
adobe
- coldfusion
CWE
CWE-611
Improper Restriction of XML External Entity Reference